You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/05/31 16:47:15 UTC
[jira] Created: (DERBY-2735) Add a system procedure to set a user's
connection level authentication.
Add a system procedure to set a user's connection level authentication.
-----------------------------------------------------------------------
Key: DERBY-2735
URL: https://issues.apache.org/jira/browse/DERBY-2735
Project: Derby
Issue Type: New Feature
Components: Security
Reporter: Daniel John Debrunner
Assignee: Daniel John Debrunner
Priority: Minor
Add procedure & function to set (and get ) a user's connection authorization to full access, read-only or not defined.
Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.
SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)
Valid values for CONNECTION_PERMISSION
FULL - Add the user to the list of full access users for the database, i.e. the database property derby.database.fullAccessUsers)
READONLY - - Add the user to the list of read-only users for the database, i.e. the database property derby.database.readOnlyAccessUsers)
NULL - remove the user from the list of permissions, reverting it to the default permission.
SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)
Gets the current connection access permissions for the user, factors in the default connection mode.
Return either FULL, READONLY, NO or NULL.
(NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)
The names of the connection permissions match the existing names in use by Derby.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Closed: (DERBY-2735) Add a system procedure to set a user's connection level authorization.
Posted by Myrna van Lunteren <m....@gmail.com>.
On 6/6/07, Daniel John Debrunner (JIRA) <ji...@apache.org> wrote:
>
> [ https://issues.apache.org/jira/browse/DERBY-2735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Daniel John Debrunner closed DERBY-2735.
> ----------------------------------------
>
> Resolution: Fixed
>
> Routines have been added with minor changes to the above.
>
> 1) Type of the permission changed to a VARCHAR(128)
>
> SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(128) CONNECTION_PERMISSION)
> SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(128)
>
> 2) Values for the connection permission changed to match the property settiing explicitly
>
> NOACCESS
> FULLACCESS
> READONLYACCESS
>
> all case insensitive.
>
I've been wondering about these procedures, do they need to get
documented in the user documentation somewhere?
Thx,
Myrna
[jira] Commented: (DERBY-2735) Add a system procedure to set a
user's connection level authorization.
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12526609 ]
Daniel John Debrunner commented on DERBY-2735:
----------------------------------------------
Not sure what you are asking Laura. If you look at the reference pages for other procedures/functions you'll see that the definition of the procedures include the type definitions of each parameter.
E.g.
http://db.apache.org/derby/docs/dev/ref/rrefimportdataproc.html
> Add a system procedure to set a user's connection level authorization.
> ----------------------------------------------------------------------
>
> Key: DERBY-2735
> URL: https://issues.apache.org/jira/browse/DERBY-2735
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.3.1.4
>
>
> Add procedure & function to set (and get ) a user's connection authorization to full access, read-only or not defined.
> Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.
> SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)
> Valid values for CONNECTION_PERMISSION
> FULL - Add the user to the list of full access users for the database, i.e. the database property derby.database.fullAccessUsers)
> READONLY - - Add the user to the list of read-only users for the database, i.e. the database property derby.database.readOnlyAccessUsers)
> NULL - remove the user from the list of permissions, reverting it to the default permission.
> SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)
> Gets the current connection access permissions for the user, factors in the default connection mode.
> Return either FULL, READONLY, NO or NULL.
> (NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)
> The names of the connection permissions match the existing names in use by Derby.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-2735) Add a system procedure to set a
user's connection level authorization.
Posted by "Laura Stewart (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518197 ]
Laura Stewart commented on DERBY-2735:
--------------------------------------
Hi Dan - I am going to document these procedures as part of Derby-2914. I just want to be certain that I understand the syntax...
SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(128) CONNECTION_PERMISSION)
means
SYSCS_UTIL.SYSCS_SET_USER_ACCESS(USERNAME. CONNECTION_PERMISSION)
Where USERNAME and CONNECTION_PERMISSION are both VARCHARs with a max of 128 characters... yes?
> Add a system procedure to set a user's connection level authorization.
> ----------------------------------------------------------------------
>
> Key: DERBY-2735
> URL: https://issues.apache.org/jira/browse/DERBY-2735
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.3.0.0
>
>
> Add procedure & function to set (and get ) a user's connection authorization to full access, read-only or not defined.
> Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.
> SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)
> Valid values for CONNECTION_PERMISSION
> FULL - Add the user to the list of full access users for the database, i.e. the database property derby.database.fullAccessUsers)
> READONLY - - Add the user to the list of read-only users for the database, i.e. the database property derby.database.readOnlyAccessUsers)
> NULL - remove the user from the list of permissions, reverting it to the default permission.
> SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)
> Gets the current connection access permissions for the user, factors in the default connection mode.
> Return either FULL, READONLY, NO or NULL.
> (NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)
> The names of the connection permissions match the existing names in use by Derby.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2735) Add a system procedure to set a user's
connection level authorization.
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel John Debrunner updated DERBY-2735:
-----------------------------------------
Summary: Add a system procedure to set a user's connection level authorization. (was: Add a system procedure to set a user's connection level authentication.)
> Add a system procedure to set a user's connection level authorization.
> ----------------------------------------------------------------------
>
> Key: DERBY-2735
> URL: https://issues.apache.org/jira/browse/DERBY-2735
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
>
> Add procedure & function to set (and get ) a user's connection authorization to full access, read-only or not defined.
> Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.
> SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)
> Valid values for CONNECTION_PERMISSION
> FULL - Add the user to the list of full access users for the database, i.e. the database property derby.database.fullAccessUsers)
> READONLY - - Add the user to the list of read-only users for the database, i.e. the database property derby.database.readOnlyAccessUsers)
> NULL - remove the user from the list of permissions, reverting it to the default permission.
> SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)
> Gets the current connection access permissions for the user, factors in the default connection mode.
> Return either FULL, READONLY, NO or NULL.
> (NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)
> The names of the connection permissions match the existing names in use by Derby.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-2735) Add a system procedure to set a user's
connection level authorization.
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel John Debrunner updated DERBY-2735:
-----------------------------------------
Fix Version/s: 10.3.0.0
> Add a system procedure to set a user's connection level authorization.
> ----------------------------------------------------------------------
>
> Key: DERBY-2735
> URL: https://issues.apache.org/jira/browse/DERBY-2735
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.3.0.0
>
>
> Add procedure & function to set (and get ) a user's connection authorization to full access, read-only or not defined.
> Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.
> SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)
> Valid values for CONNECTION_PERMISSION
> FULL - Add the user to the list of full access users for the database, i.e. the database property derby.database.fullAccessUsers)
> READONLY - - Add the user to the list of read-only users for the database, i.e. the database property derby.database.readOnlyAccessUsers)
> NULL - remove the user from the list of permissions, reverting it to the default permission.
> SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)
> Gets the current connection access permissions for the user, factors in the default connection mode.
> Return either FULL, READONLY, NO or NULL.
> (NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)
> The names of the connection permissions match the existing names in use by Derby.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (DERBY-2735) Add a system procedure to set a user's
connection level authorization.
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-2735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel John Debrunner closed DERBY-2735.
----------------------------------------
Resolution: Fixed
Routines have been added with minor changes to the above.
1) Type of the permission changed to a VARCHAR(128)
SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(128) CONNECTION_PERMISSION)
SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(128)
2) Values for the connection permission changed to match the property settiing explicitly
NOACCESS
FULLACCESS
READONLYACCESS
all case insensitive.
> Add a system procedure to set a user's connection level authorization.
> ----------------------------------------------------------------------
>
> Key: DERBY-2735
> URL: https://issues.apache.org/jira/browse/DERBY-2735
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.3.0.0
>
>
> Add procedure & function to set (and get ) a user's connection authorization to full access, read-only or not defined.
> Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.
> SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)
> Valid values for CONNECTION_PERMISSION
> FULL - Add the user to the list of full access users for the database, i.e. the database property derby.database.fullAccessUsers)
> READONLY - - Add the user to the list of read-only users for the database, i.e. the database property derby.database.readOnlyAccessUsers)
> NULL - remove the user from the list of permissions, reverting it to the default permission.
> SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)
> Gets the current connection access permissions for the user, factors in the default connection mode.
> Return either FULL, READONLY, NO or NULL.
> (NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)
> The names of the connection permissions match the existing names in use by Derby.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.