routines(DERBY-1330)

Daniel John Debrunner (JIRA) Fri, 04 Aug 2006 15:26:52 -0700

    [ 
http://issues.apache.org/jira/browse/DERBY-1646?page=comments#action_12425882 ] 
            
Daniel John Debrunner commented on DERBY-1646:
----------------------------------------------


3) In one way there are not really two models, Laura you put it well in some 
other comment that said something like derby.database.sqlAuthorization=true 
allows the application to use grant/revoke.  The existing coarse grained 
authorization continues to work (I hope :-) and applications have the option of 
using the fine grained authorization (grant/revoke)

The way there are two models is that default accessbility to objects is open 
without grant/revoke and restricted to the object's owner with grant/revoke.

With derby.database.sqlAuthorization=false (or not set)

If I create a table T then anyone else can access it in any way, including 
dropping it ,subject to their coarse grained authorization (noAccess, full or 
readonly).

With derby.database.sqlAuthorization=true

If I create a table T then no-one else has any access to it unless I grant them 
select/insert/update and/or delete access. No-one else
can drop the table under any circumstance. For any other user with a granted 
privilege on T they are still subject to  their coarse grained authorization 
(noAccess, full or readonly). So if I grant INSERT access to a user that only 
has read-only connection authorization, then they can not insert  into the 
table.



> Documentation to address Grant/Revoke Authorization for 
> views/triggers/constraints/routines(DERBY-1330)
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1646
>                 URL: http://issues.apache.org/jira/browse/DERBY-1646
>             Project: Derby
>          Issue Type: New Feature
>          Components: Documentation
>    Affects Versions: 10.2.0.0
>            Reporter: Mamta A. Satoor
>         Assigned To: Laura Stewart
>
> Creating a separate jira entry for documentation of Grant/Revoke 
> Authorization for views/triggers/constraints/routines(Engine changes are 
> going as part of DERBY-1330).
> Will link this jira entry to DERBY-1330

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (DERBY-1646) Documentation to address Grant/Revoke Authorization for views/triggers/constraints/routines(DERBY-1330)

Reply via email to