You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "David W. Van Couvering" <Da...@Sun.COM> on 2006/02/09 15:06:42 UTC

Re: Grant and Revoke, Part II ... DERBY-464...

Thanks, Satheesh.   FYI, Francois is in France for a family emergency, 
so you may not hear from him.

David

Satheesh Bandaram wrote:
> I am getting ready to submit a patch for review, that adds parts of 
> Grant and Revoke Part II support. With this patch, I am trying to 
> enforce table privileges that are granted to users using Part I patch 
> that is already submitted. After this patch, I will work on adding 
> upgrade support to upgrade a 10.1 database to 10.2, JDBC metadata 
> changes and migration model for legacy database to enable grant and 
> revoke functionality. Once all these changes are done, I will then try 
> to address other parts of the spec, like routine privileges, views and 
> triggers. Let me know if there are any concerns or comments on this plan.
> 
> I am not sure if previous discussion about migrating a legacy mode 
> database to Grant Revoke model was finalized. It seems there were two 
> thoughts:
> 
>    1. Keep authorization models separate. Legacy mode database can be
>       migrated to sqlStandard model by connecting with a URL property.
>       (sqlAuthorization=true)
>    2. Dan proposed combining both models with Grant and Revoke
>       capability being seen as adding fine-grain access control on top
>       of current model. While this proposal doesn't impact Grant and
>       Revoke work being done currently by much, it may have implications
>       on some future work. (like system privileges) This does make it
>       easier for existing databases to adapt new capabilities.
> 
> Satheesh
> 
> Daniel John Debrunner wrote:
> 
>>Satheesh Bandaram wrote:
>>  
>>
>>>I think mixing both will lead to confusion to users many already
>>>familiar with the ansi subset model being proposed. This will also
>>>create hurdles as we expand authorization scheme to support roles and
>>>"system privileges" as Francois calls them and other security capabilities.
>>>    
>>>
>>
>>I'm more proposing this to deal with existing Derby applications and
>>finding an easy way to bring them into the new world of grant revoke.
>>Users familiar with the ansi subset model would just use that, no need
>>to get involved with the defaultConnectionModel. Though until roles and
>>system privileges is supported, they might need to to ensure a secure
>>system. I haven't seen any proposal on these roles or system privileges
>>so I'm looking at how secure Derby will be in its next release given
>>what has been proposed and is being worked on.
>>
>>Dan.
>>