Oystein Grovlen - Sun Norway wrote: > Daniel John Debrunner wrote: > >> CREATE SCHEMA >> - only create schema matching user's name >> - good for now, forwards compatible with the >> future where permission to create any schema >> could be granted explicitly. > > > Does this mean that we will only allow one schema per user? That > seems like a severe limitation. I guess I am missing something.
This is where Francois's work on system privileges is needed. Current grant/revoke proposal only deals with access privileges to existing objects, like ability to grant/revoke select, insert, delete, update or allow references/triggers to tables and execute privilege to routines. What is sorely needed is ability to grant/revoke system/database access and I thought Francois was working on this. Any status Francois? Until these system privileges are ready, current proposal limits accesses that would cause forward compatibility issues. If sqlStandard mode allows unrestricted schema creation now, this would cause issues in the future where existing applications may need to change or we have to introduce another property like what is being done now. Current legacy authorization model is not compatible with standard model or what Derby might really want to support, but at the same time, we can't drop support for it because of existing applications. I believe Dan is try to ensure current proposal doesn't create any future compatibility issues, even if in the short term, Derby's new capabilities are restrictive. Satheesh
