Allow database user to execute stored procedures with same permissions as
database owner
----------------------------------------------------------------------------------------
Key: DERBY-4551
URL: https://issues.apache.org/jira/browse/DERBY-4551
Project: Derby
Issue Type: Improvement
Affects Versions: 10.5.3.0
Reporter: Tushar Kale
Curretnly there is no way to hide data and database structure in embedded derby
from the end user.
One way to accomplish the above requirement is as follows:
1. Create encrypted database so data is protected
2. Enable authentication and sql authorization in database
3. Create two users, dbUser and dbOwner
4. Store application logic as stored procedure in the databse so dbUser does
not know what tables are accecced by the application logic, thus hiding table
structure
5. Revoke select permission from dbUser so he cannot describe tables thus
protecting table structures
6. Give only Execute permissions on stored procedures to dbUser
The above steps will ensure that data and data structure is hidden when
application is delivered to end user.
The problem is, if user does not have select permission, the stored procedures
will not execute. So I am requesting the following enhancement to Derby:
If dbOwner has given Execure permission to stored procecure to a dbUser, then
allow stored procedure to execute even if the dbUser has no select permission.
In otherwords, When dbUser calls stored procedure, database will use dbOwners
authorization to execute stored procedure rather than dbUsers.
This may be implemented by creating new permission called RunAsDbOwner.
DbOwner can then grant permission to dbUser to execute a stored procedure with
RunAsDbOwner.
If this is implemented, applications can be created which will truely hide the
database structure and data from end users. Database will behave as a blackbox
with only in/out data exposed in stored procedures.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
