On 2/21/06, Satheesh Bandaram <[EMAIL PROTECTED]> wrote: > > Oystein Grovlen - Sun Norway wrote: > > > Daniel John Debrunner wrote: > > > >> CREATE SCHEMA > >> - only create schema matching user's name > >> - good for now, forwards compatible with the > >> future where permission to create any schema > >> could be granted explicitly. > > > > > > Does this mean that we will only allow one schema per user? That > > seems like a severe limitation. I guess I am missing something. > > This is where Francois's work on system privileges is needed. Current > grant/revoke proposal only deals with access privileges to existing > objects, like ability to grant/revoke select, insert, delete, update or > allow references/triggers to tables and execute privilege to routines. > What is sorely needed is ability to grant/revoke system/database access > and I thought Francois was working on this. Any status Francois? >
I'll be posting more information soon. > Until these system privileges are ready, current proposal limits > accesses that would cause forward compatibility issues. If sqlStandard > mode allows unrestricted schema creation now, this would cause issues in > the future where existing applications may need to change or we have to > introduce another property like what is being done now. Current legacy > authorization model is not compatible with standard model or what Derby > might really want to support, but at the same time, we can't drop > support for it because of existing applications. I believe Dan is try to > ensure current proposal doesn't create any future compatibility issues, > even if in the short term, Derby's new capabilities are restrictive. > > Satheesh > >
