db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knut Anders Hatlen <knut.hat...@oracle.com>
Subject Re: Grant Schema Privileges
Date Thu, 27 Sep 2012 12:07:24 GMT
JHead <pocze.z@gmail.com> writes:

> Hi there.
> Is there any way to grant schema privileges to users like create / alter /
> drop table? I did a lot of search without any result.
> It works in DB2 with the following syntax:
> I want to allow to create and alter tables for all users in one schema. 
> (The reason: I want to run automatic software updates in my application by
> every user, and some software updates should alter or create new tables and
> it is very uncomfortable to request the database owners password every time
> when a new update is installed. )
> Is it possible without a hack? I don't know what to do if it is not
> possible. (May be I will have to rewrite the half of my application!!! )

I don't think you can do that right now.

One alternative approach might be to put the upgrade logic in a stored
procedure owned by the database owner, declare the procedure with
EXTERNAL SECURITY DEFINER, and grant execute privilege on the procedure
to Frank. Frank would then be allowed to execute the procedure, and the
procedure would run with the privileges of the database owner.

This approach would have the added benefit of limiting Frank's extra
privileges to upgrading the schema, instead of giving him carte blanche
to do whatever he'd like with the objects in the schema.

Hope this helps,

Knut Anders

View raw message