Manjula, following is how I start ij to enable grant/revoke
$ java -Dderby.database.defaultConnectionMode=sqlStandard -Dij.exceptionTrace=true org.apache.derby.tools.ij
$ java -Dderby.database.defaultConnectionMode=sqlStandard -Dij.exceptionTrace=true org.apache.derby.tools.ij
So, the property you need in derby.properties file is Dderby.database.defaultConnectionMode=sqlStandard. I haven't done sync on my client in quite some time but I think it is still the right property to enable grant/revoke.
Mamta
On 3/17/06, Manjula G Kutty <[EMAIL PROTECTED]> wrote:
So if I put derby.database.sqlAuthorization=true in the derby.properties
file then the command like this should execute without error message?
ij> connect 'jdbc:derby:grntdb;create=true' user 'mkutty';
ij> create table tab1(i int, j int);
0 rows inserted/updated/deleted
ij> grant select on tab1 to mkutty;
But after the last statement I 'm getting the error message :
ERROR 42Z60: GRANT not allowed unless database property
derby.database.defaultCo
nnectionMode has value 'sqlStandard'.
Am I doing something wrong here?
--Manjula
Rajesh Kartha wrote:
> >
> >So that means if I put the 'derby.database.sqlAutherization' property
> in the derby.property file can I do grant/Revoke now?
> >
> As I understand, currently the statements should execute, but it won't
> be enforced till Part 2 for DERBY-464 is applied. So any
> negative tests to verify permissions will not work.
>
> -Rajesh
>
>
> On 3/15/06, *Manjula G Kutty* < [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> Hi Satheesh,
> Thanks for your reply. So that means if I put the
> 'derby.database.sqlAutherization' property in the derby.property file
> can I do grant/Revoke now? Also one minor suggestion from my view, The
> functional spec talks about these property under the heading 'derby
> upgrade and migration'. Can you move that under some other meaningful
> heading?
>
>
> Thanks
> Manjula
>
>
> Satheesh Bandaram wrote:
>
> >Manjula G Kutty wrote:
> >
> >
> >
> >>Hi ,
> >>I was investigating the Grant/Revoke functionality added till
> now. And
> >>found
> >>
> >>0 rows inserted/updated/deleted
> >>ij> grant select on t1 to mkutty;
> >>ERROR 42Z60: GRANT not allowed unless database property
> >> derby.database.defaultConnectionMode has value 'sqlStandard'.
> >>
> >>
> >
> >This was the original proposal on how to ask for SQL authorization
> >mode... by setting defaultConnectionMode. Following further
> discussion
> >on the list, the functional spec has been changed say
> >'derby.database.sqlAuthorization' is the way to ask for SQL
> >authorization. Change in functionality hasn't been reflected in
> the code
> >yet.
> >
> >
> >
> >>Also to mention that if I'm not mistaken I have to put the
> >>derby.database.sqlAuthorization property only for upgrading
> derby from
> >>version10.1 right? I came to this conclusion because I found the
> >>follwing sentences on the functional spec under "*derby upgrade and
> >>migration*"
> >>
> >>
> >
> >No... Default authorization model in Derby 10.2 is still legacy
> mode..
> >So if you create a database without setting sqlAuthorization
> property,
> >you shouldn't be able to do GRANT/REVOKE. Only if you have the
> property
> >set to true, SQL authorization would be enforced. This is to
> maintain
> >backwards compatibility.
> >
> >Satheesh
> >
> >
> >
> >>
> http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html
> <http://issues.apache.org/jira/secure/attachment/12324061/grantRevokeSpec_v2.html >
> >>
> >>
> >><quote>
> >>When a database is created, if derby.database.sqlAuthorization
> >>property value is true, the database gets created with standard
> >>security mode, enabling grant and revoke. This property could be
> set
> >>either as a system property in derby.properties file or as
> application
> >>property.
> >></quote>
> >>
> >>But the following lines caught my attention
> >>
> >><quote>
> >>It may be good to switch the default connection mode to standard
> model
> >>and hence support grant/revoke by default in future releases.
> >></quote>
> >>
> >>Is this being implemented?
> >>
> >>Can any one please clarify?
> >>
> >>Thanks
> >>Manjula
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> >
>
>
