You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by Robinson Ma <ro...@gmail.com> on 2017/07/02 04:20:57 UTC

Re: Interested in contributing codes to Derby

Hi Derby Contributors,

I have one proposal for Derby.

Currently in Derby, it can only grant permission on tables. It is nice that
if it can grant permission based on schema. One additional thing is that
when drop and recreate a table with the same name under same schema, the
permission has to be grant again.

Is there anyone who can give me some guide on this project? Right now, I am
reading user documents and architecture design document of Derby.

Thanks in advance.

On Wed, May 10, 2017 at 10:24 PM, Robinson Ma <ro...@gmail.com>
wrote:

> Hi Derby Contributors,
>
>
> My name is Robin, I am a newbie for derby. I'd like to join the project
> and make contribution to this project. I have been using Derby for a while
> and find out that permission granting in Derby is trivial. For example, it
> can only grant permission on tables. It is nice that if it can grant
> permission based on schema. One additional thing is that when drop and
> recreate a table with the same name under same schema, the permission has
> to be grant again.
>
>
> Is there anyone who can give me some guide on this project? Right now, I
> am reading user documents and architecture design document of Derby.
>
>
> Thanks in advance.
>
>
> Robin
>
>
>

Re: Interested in contributing codes to Derby

Posted by Rick Hillegas <ri...@gmail.com>.

On 7/1/17 9:20 PM, Robinson Ma wrote:
> Hi Derby Contributors,
>
> I have one proposal for Derby.
>
> Currently in Derby, it can only grant permission on tables. It is nice 
> that if it can grant permission based on schema. One additional thing 
> is that when drop and recreate a table with the same name under same 
> schema, the permission has to be grant again.
>
>
> Is there anyone who can give me some guide on this project? Right now, 
> I am reading user documents and architecture design document of Derby.
>
>
> Thanks in advance.
>
> On Wed, May 10, 2017 at 10:24 PM, Robinson Ma 
> <robinson.ma.haojie@gmail.com <ma...@gmail.com>> 
> wrote:
>
>     Hi Derby Contributors,
>
>
>     My name is Robin, I am a newbie for derby. I'd like to join the
>     project and make contribution to this project. I have been using
>     Derby for a while and find out that permission granting in Derby
>     is trivial. For example, it can only grant permission on tables.
>     It is nice that if it can grant permission based on schema. One
>     additional thing is that when drop and recreate a table with the
>     same name under same schema, the permission has to be grant again.
>
>
>     Is there anyone who can give me some guide on this project? Right
>     now, I am reading user documents and architecture design document
>     of Derby.
>
>
>     Thanks in advance.
>
>
>     Robin
>
>
>
Hi Robin,

Welcome to Derby. Contributions are always welcome!

1) Derby supports a subset of the privileges defined by the SQL 
Standard. According to the 2016 Standard, part 2, section 12.3 
(<privileges>), the Standard privileges are...

SELECT
| SELECT <left paren> <privilege column list> <right paren>
| SELECT <left paren> <privilege method list> <right paren>
| DELETE
| INSERT  [ <left paren> <privilege column list> <right paren>  ]
| UPDATE  [ <left paren> <privilege column list> <right paren>  ]
| REFERENCES  [ <left paren> <privilege column list> <right paren>  ]
| USAGE
| TRIGGER
| UNDER
| EXECUTE

...and they can be granted to the following schema objects...

[ TABLE ] <table name>
| DOMAIN <domain name>
| COLLATION <collation name>
| CHARACTER SET <character set name>
| TRANSLATION <transliteration name>
| TYPE <schema-resolved user-defined type name>
| SEQUENCE <sequence generator name>
| <specific routine designator>

The Standard does not define any privileges which are granted to 
schemas. What did you have in mind?

2) Can you explain more about the problem you are experiencing when you 
drop a table and have to recreate it along with its associated 
privileges? There may be some solution involving the dblook tool as 
described in the Tools Guide: 
http://db.apache.org/derby/docs/10.13/tools/ctoolsdblook.html

I would say that the incomplete implementation of CASCADE semantics is 
the major hole in Derby's implementation of Standard access controls. 
Would you be interested in working on that problem? I could coach you 
through the code.

Hope this is helpful,
-Rick