[ 
https://issues.apache.org/jira/browse/DERBY-5522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227458#comment-13227458
 ] 

Rick Hillegas commented on DERBY-5522:
--------------------------------------

Hi Kim,

Thanks for continuing to think about how NATIVE authentication interacts with 
other Derby security features.

>Should they also be listed as deprecated and not to be documented in the 
>future?

We probably want to discuss that with the broader community and understand who 
(if anyone) is still using these features.

>So would you normally set up roles in the credentials db, or only in the 
>clients that used it? I suppose you might want to grant different access to 
>different users for different applications, so doing it in the clients would 
>give you greater flexibility? 

You would set up roles in each database. That's an interesting asymmetry 
between Derby authentication and authorization. Authentication can be 
system-wide but authorization is always database-specific. We have talked a 
little about system-wide authorization but only in the context of system-wide 
privileges which are not addressed by the SQL Standard (e.g., database creation 
and engine shutdown).

>So apparently behaving "as if" derby.database.sqlAuthorization is set isn't 
>good enough for CREATE ROLE? 

I am unable to reproduce this behavior. Is it possible that you didn't reboot 
the database after turning on NATIVE authentication but before trying to create 
a role? I don't think that the functional spec touched this point: the 
derby.authentication.provider property continues to be one of the properties 
which doesn't take effect until you bounce the database.

If you did bounce the database, then I don't know what's happening. Could you 
attach the latest version of your test program so that I can look into this one?

Thanks,
-Rick

                
> Document the NATIVE authentication scheme.
> ------------------------------------------
>
>                 Key: DERBY-5522
>                 URL: https://issues.apache.org/jira/browse/DERBY-5522
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>         Attachments: NativeAuthExampleEmbedded.java, 
> NativeAuthExampleEmbedded.java, NativeAuthExampleEmbedded.java
>
>
> We should document NATIVE authentication after we have implemented the 
> changes described on DERBY-866. The documentation changes are described by 
> the functional spec UserManagement.html attached to that issue.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
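
The reboot sequence discussed in the comment above, as an added sketch. It is not the NativeAuthExampleEmbedded.java attachment and not code from the Derby project. It assumes Derby 10.9 or later with the embedded driver on the classpath; the database name, user name, password and role name are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

// Added illustration; database, user, password and role names are hypothetical.
public class NativeAuthRebootSketch {
    static final String DB = "jdbc:derby:nativeAuthDemo";

    // Try CREATE ROLE and report the outcome instead of aborting.
    static void tryCreateRole(Connection conn, String phase) {
        try (Statement s = conn.createStatement()) {
            s.execute("CREATE ROLE reader");
            System.out.println(phase + ": CREATE ROLE succeeded");
        } catch (SQLException e) {
            System.out.println(phase + ": CREATE ROLE failed, SQLState "
                    + e.getSQLState());
        }
    }

    public static void main(String[] args) throws SQLException {
        // 1. Create the database; the connecting user becomes its owner.
        try (Connection conn = DriverManager.getConnection(
                     DB + ";create=true;user=dbo");
             Statement s = conn.createStatement()) {
            // 2. Storing the owner's credentials selects NATIVE authentication
            //    for this database, but only from its next boot.
            s.execute("CALL SYSCS_UTIL.SYSCS_CREATE_USER('dbo', 'dboPassword')");
            // 3. Same boot: the provider setting has not taken effect yet.
            tryCreateRole(conn, "before reboot");
        }
        // 4. Bounce the database. A clean single-database shutdown is
        //    reported as an SQLException with SQLState 08006.
        try {
            DriverManager.getConnection(DB + ";shutdown=true");
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) throw e;
        }
        // 5. After the reboot, credentials are required. The role is created
        //    in this database only; other databases need their own roles.
        try (Connection conn = DriverManager.getConnection(
                DB + ";user=dbo;password=dboPassword")) {
            tryCreateRole(conn, "after reboot");
        }
    }
}
```

Comparing the two printed lines shows whether a missing reboot explains a CREATE ROLE failure in a given setup.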

        
