db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JHead <pocz...@gmail.com>
Subject Re: Grant Schema Privileges
Date Thu, 27 Sep 2012 13:13:11 GMT


Knut Anders Hatlen-5 wrote:
> 
> I don't think you can do that right now.
> 
> One alternative approach might be to put the upgrade logic in a stored
> procedure owned by the database owner, declare the procedure with
> EXTERNAL SECURITY DEFINER, and grant execute privilege on the procedure
> to Frank. Frank would then be allowed to execute the procedure, and the
> procedure would run with the privileges of the database owner.
> 
> This approach would have the added benefit of limiting Frank's extra
> privileges to upgrading the schema, instead of giving him carte blanche
> to do whatever he'd like with the objects in the schema.
> 
> Hope this helps,
> 
> -- 
> Knut Anders
> 
> 

Thanks for your help. It seems to be a good solution, I will investigate,
how the program could do the whole thing automatically. I know the most
secure and simplest way is to allow to upgrade of the database only the
database owner (e.g. system administrator). If there are more clients the
database related part of the software upgrade need to be done only once.
After the database is upgraded on the server, clients need to do only the
non-database part of the upgrade.

Thanks,
Best regards,
Zsolt Pocze
-- 
View this message in context: http://old.nabble.com/Grant-Schema-Privileges-tp34485890p34486830.html
Sent from the Apache Derby Users mailing list archive at Nabble.com.


Mime
View raw message