Hi,

> I'm not sure if this functionality falls under the existing roadmap feature
> "Access rights: finer grained access control (grant access for specific
> functions)".

Yes, I think it does.

> create new database schemas
> "ALTER ANY SCHEMA" (an MS SQL Server syntax that I've never used) rather
> than three rights "CREATE SCHEMA", "DROP SCHEMA", "MODIFY SCHEMA".

The syntax "alter any schema" is OK. It seems there is no standard way to describe this.

> 1. Is this a reasonable enhancement request?

Yes, sure. Thanks a lot for describing the use case.

> 2. Is the syntax "GRANT ALTER ANY SCHEMA TO <user>" compatible with future
> objectives of H2?

Yes.

> 3. In case I find the time to write this patch, is the correct approach to
> define a new H2 right (or 3 if I make each right independent) and then check
> for this right/these rights in the DDL classes CreateSchema, DropSchema,
> AlterSchema?

That's a good question. The minimal solution would be to add just one new right: ALTER_ANY_SCHEMA. As this is an implementation detail and not stored anywhere, this could be changed later if required.

> From what I can see the current H2 right checks refer to
> specific tables (e.g. User.hasRight(Table table, int rightMask)) - so should
> this be extended to support database level right checks? Or should such
> checks be implemented elsewhere

I think the method could be kept, but just pass the new right mask, and null for the table. Later on, a new method could be created.

> I am aware that this is only half of the solution as in order to make use of
> newly created schemas Users also require the future H2 road mapped feature
> "GRANT ALL ON * TO <user>".

Would a user that has the right "alter any schema" also be allowed to modify data? I kind of think that would make sense, even if not compatible with MS SQL Server. At least as long as there is no "GRANT ALL ON * TO <user>".

Regards,
Thomas
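The approach suggested in the reply (one new right, checked through the existing `hasRight(Table, int)` signature with `null` for the table), sketched as an added example that is not part of the original message and not H2 source code. The bit values, the `grant` method, `checkSchemaDdl` and the admin shortcut are assumptions; in this sketch ALTER_ANY_SCHEMA does not imply any table right, a point the message leaves open.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model, not H2 source: names and bit values are assumptions.
public class RightsSketch {
    static final int SELECT = 1, DELETE = 2, INSERT = 4, UPDATE = 8;
    static final int ALTER_ANY_SCHEMA = 16;   // the single new right proposed in the thread

    static final class Table {
        final String name;
        Table(String name) { this.name = name; }
    }

    static final class User {
        final boolean admin;
        private int databaseRights;           // rights that are not tied to a table
        private final Map<Table, Integer> tableRights = new HashMap<>();

        User(boolean admin) { this.admin = admin; }

        void grant(Table table, int rightMask) {
            if (table == null) {
                databaseRights |= rightMask;
            } else {
                tableRights.merge(table, rightMask, (a, b) -> a | b);
            }
        }

        // Signature as quoted in the thread; table == null selects the database-level mask.
        boolean hasRight(Table table, int rightMask) {
            if (admin) return true;
            int granted = (table == null) ? databaseRights : tableRights.getOrDefault(table, 0);
            return (granted & rightMask) == rightMask;   // every requested bit must be set
        }
    }

    // The check CreateSchema, DropSchema and AlterSchema would run before doing any work.
    static void checkSchemaDdl(User user) {
        if (!user.hasRight(null, ALTER_ANY_SCHEMA)) {
            throw new SecurityException("Not enough rights for schema DDL");
        }
    }

    public static void main(String[] args) {
        Table orders = new Table("ORDERS");
        User dev = new User(false);
        dev.grant(orders, SELECT | INSERT);
        // Table grants live in a separate mask, so they cannot satisfy the database-level check.
        System.out.println("schema DDL before grant: " + dev.hasRight(null, ALTER_ANY_SCHEMA));
        dev.grant(null, ALTER_ANY_SCHEMA);
        checkSchemaDdl(dev);
        // The database-level right is likewise not consulted for table checks in this model.
        System.out.println("DELETE on ORDERS: " + dev.hasRight(orders, DELETE));
    }
}
```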
