Re: Grant and Revoke ... DERBY-464...

[Daniel John Debrunner <dj...@debrunners.com>]

Satheesh Bandaram wrote:

> Hi
> 
> I just attached my proposal to enhance Derby by adding Grant and Revoke
> capability to DERBY-464
> <http://issues.apache.org/jira/browse/DERBY-464>. Hope this leads to
> many other enhancements to Derby in the access-control and security
> areas to make Derby much more capable in client-server configurations.
> 
[snip]
> 
> When a table, view, function, or procedure is created its owner
> (creator) has full privileges on it. No other user has any privileges on
> it until the owner grants privileges.

Can those permissions, the owner's, be revoked?

Ie. if I a create table, can I then revoke DELETE permission on it, from
myself? So that no-one can perform a DELETE.

Dan.

Re: Grant and Revoke ... DERBY-464...

[Daniel John Debrunner <dj...@debrunners.com>]

Satheesh Bandaram wrote:

> I wasn't planning on supporting that... An authorization ID can not
> revoke a privilege from itself... Same as when an authorization ID tries
> to GRANT itself some privilege.

OK, just wanted to confirm what was being proposed.

Thanks,
Dan.


> 
> Satheesh
> 
> Daniel John Debrunner wrote:
> 
> 
>>Can those permissions, the owner's, be revoked?
>>
>>Ie. if I a create table, can I then revoke DELETE permission on it, from
>>myself? So that no-one can perform a DELETE.
>>
>>Dan.
>>
>>
>>
>>
>> 
>>
> 
> 
> 

Re: Grant and Revoke ... DERBY-464...

[Satheesh Bandaram <sa...@Sourcery.Org>]

I wasn't planning on supporting that... An authorization ID can not
revoke a privilege from itself... Same as when an authorization ID tries
to GRANT itself some privilege.

Satheesh

Daniel John Debrunner wrote:

>Can those permissions, the owner's, be revoked?
>
>Ie. if I a create table, can I then revoke DELETE permission on it, from
>myself? So that no-one can perform a DELETE.
>
>Dan.
>
>
>
>
>  
>