Rick Hillegas (JIRA) wrote:
2) On the other hand, a customer whose authentication service treats Edward and
EdWard as the same username is not going to want to have to grant shutdown
privilege to every casing combination.
No scheme would require that. Remember authentication and authorization
are different. Authorization is entirely within Derby's realm,
unaffected by the authentication that proceeded it. For this case the
text within the policy file will be either:
// Format of Principal's name corresponds to SYSUID
SystemPrincipal "EDWARD";
or any *one* of the following
// Format of Principal's name corresponds to user identifier
// and thus matches Derby's existing way to specify a user
// in other Java constructs.
SystemPrincipal "edward"
SystemPrincipal "EdWard"
SystemPrincipal "EDWArD" // etc. etc.
This is of course assuming that system user handling continues with its
current rules that follow database user handling.
Dan.
