You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "David W. Van Couvering" <Da...@Sun.COM> on 2006/02/09 15:06:42 UTC
Re: Grant and Revoke, Part II ... DERBY-464...
Thanks, Satheesh. FYI, Francois is in France for a family emergency,
so you may not hear from him.
David
Satheesh Bandaram wrote:
> I am getting ready to submit a patch for review, that adds parts of
> Grant and Revoke Part II support. With this patch, I am trying to
> enforce table privileges that are granted to users using Part I patch
> that is already submitted. After this patch, I will work on adding
> upgrade support to upgrade a 10.1 database to 10.2, JDBC metadata
> changes and migration model for legacy database to enable grant and
> revoke functionality. Once all these changes are done, I will then try
> to address other parts of the spec, like routine privileges, views and
> triggers. Let me know if there are any concerns or comments on this plan.
>
> I am not sure if previous discussion about migrating a legacy mode
> database to Grant Revoke model was finalized. It seems there were two
> thoughts:
>
> 1. Keep authorization models separate. Legacy mode database can be
> migrated to sqlStandard model by connecting with a URL property.
> (sqlAuthorization=true)
> 2. Dan proposed combining both models with Grant and Revoke
> capability being seen as adding fine-grain access control on top
> of current model. While this proposal doesn't impact Grant and
> Revoke work being done currently by much, it may have implications
> on some future work. (like system privileges) This does make it
> easier for existing databases to adapt new capabilities.
>
> Satheesh
>
> Daniel John Debrunner wrote:
>
>>Satheesh Bandaram wrote:
>>
>>
>>>I think mixing both will lead to confusion to users many already
>>>familiar with the ansi subset model being proposed. This will also
>>>create hurdles as we expand authorization scheme to support roles and
>>>"system privileges" as Francois calls them and other security capabilities.
>>>
>>>
>>
>>I'm more proposing this to deal with existing Derby applications and
>>finding an easy way to bring them into the new world of grant revoke.
>>Users familiar with the ansi subset model would just use that, no need
>>to get involved with the defaultConnectionModel. Though until roles and
>>system privileges is supported, they might need to to ensure a secure
>>system. I haven't seen any proposal on these roles or system privileges
>>so I'm looking at how secure Derby will be in its next release given
>>what has been proposed and is being worked on.
>>
>>Dan.
>>