Ronald Bradford wrote:
Hi Roy,
My question was not if there was an alternative, my question was how are
we going to implement it.
For example, Jay's syntax included IDENTIFIED BY. By definition, is
CREATE USER needed now? is IDENTIFIED needed now? User authentication
is managed externally.
If I remember correctly, user authentication is managed externally in the Derby
database, aka Java DB. You may have a look at how they manage user identifiers.
I think they were having some challenges because of not having internal user ids.
I would see no reason not to have a GRANT and REVOKE syntax. It would
be good for somebody to determine what part of the current MySQL syntax
is not ANSI SQL.
I was more interested in knowing how the Drizzle team were planning on
implementing something as I had no information on it.
Jay's questions are a good point, when and how is it executed is the
first path. How it's implemented is the next step. What syntax is used,
GRANT/REVOKE is really the only SQL syntax option. What external system
is used behind the API, and then for example what other means there are
to create permissions in addition to SQL syntax would also be interesting.
Two challenges: separation of preparation and execution, and integration with
the metadata access interfaces.
Roy
Regards
Ronald
On Mon, Sep 21, 2009 at 11:56 AM, Roy Lyseng <[email protected]
<mailto:[email protected]>> wrote:
Hi Ronald,
is there any alternative to the SQL standard privilege system?
Regards,
Roy
Ronald Bradford wrote:
Hi All,
I have been working initially on the Authentication models that
are currently being offered for Drizzle, PAM, LDAP(via PAM),
Http Auth. Thanks to Eric for helping me fix one of three
identified bugs there.
What I am unclear of is the policy or thought for user
permissions within Drizzle after user authentication. I'd
consider this an important packaging requirement but I am
unclear if anything is defined for Bell. I will give you a
clear example.
How do you plan to restrict users to not creating or altering
objects for example?
How do you plan to restrict users to read only verses read write?
Regards
Ronald
------------------------------------------------------------------------
_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
<https://launchpad.net/%7Edrizzle-discuss>
Post to : [email protected]
<mailto:[email protected]>
Unsubscribe : https://launchpad.net/~drizzle-discuss
<https://launchpad.net/%7Edrizzle-discuss>
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help : https://help.launchpad.net/ListHelp
