Grant and Revoke, Part II ... DERBY-464...

[Satheesh Bandaram]

I am getting ready to submit a patch for review, that adds parts of Grant and Revoke Part II support. With this patch, I am trying to enforce table privileges that are granted to users using Part I patch that is already submitted. After this patch, I will work on adding upgrade support to upgrade a 10.1 database to 10.2, JDBC metadata changes and migration model for legacy database to enable grant and revoke functionality. Once all these changes are done, I will then try to address other parts of the spec, like routine privileges, views and triggers. Let me know if there are any concerns or comments on this plan. I am not sure if previous discussion about migrating a legacy mode database to Grant Revoke model was finalized. It seems there were two thoughts: Keep authorization models separate. Legacy mode database can be migrated to sqlStandard model by connecting with a URL property. (sqlAuthorization=true) Dan proposed combining both models with Grant and Revoke capability being seen as adding fine-grain access control on top of current model. While this proposal doesn't impact Grant and Revoke work being done currently by much, it may have implications on some future work. (like system privileges) This does make it easier for existing databases to adapt new capabilities. Satheesh Daniel John Debrunner wrote: Satheesh Bandaram wrote: I think mixing both will lead to confusion to users many already familiar with the ansi subset model being proposed. This will also create hurdles as we expand authorization scheme to support roles and "system privileges" as Francois calls them and other security capabilities. I'm more proposing this to deal with existing Derby applications and finding an easy way to bring them into the new world of grant revoke. Users familiar with the ansi subset model would just use that, no need to get involved with the defaultConnectionModel. Though until roles and system privileges is supported, they might need to to ensure a secure system. I haven't seen any proposal on these roles or system privileges so I'm looking at how secure Derby will be in its next release given what has been proposed and is being worked on. Dan.