[ http://issues.apache.org/jira/browse/DERBY-464?page=comments#action_12356027 ]
Satheesh Bandaram commented on DERBY-464: ----------------------------------------- Good point, Francois, about adding comments in JIRA for this one. I will add comments here. I agree ROLES would be another great addition to Derby. Like I mentioned, there are many other potential enhancements possible in access control and security areas. I usually propose ideas that I can implement and want to implement in reasonable timeframe. Incremental enhancements is the prefered way in open source. Like Rick mentioned, ROLES could be developed in parallel. I am not sure about CREATE USER/DROP USER capabilities though. Databases are not the ideal places to manage users. Derby also provides several ways to authenticate and/or manage users, including LDAP. The property based user management is only one of these options. See: http://db.apache.org/derby/docs/10.1/devguide/cdevcsecure37817.html > Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner > level of privileges than currently provided by Derby that is especially > useful in network configurations. > ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: DERBY-464 > URL: http://issues.apache.org/jira/browse/DERBY-464 > Project: Derby > Type: New Feature > Components: SQL > Versions: 10.0.2.1, 10.1.1.0, 10.2.0.0 > Environment: generic > Reporter: Satheesh Bandaram > Assignee: Satheesh Bandaram > Attachments: grant.html > > Derby currently provides a very simple permissions scheme, which is quite > suitable for an embedded database system. End users of embedded Derby do not > see Derby directly; they talk to a application that embeds Derby. So Derby > left most of the access control work to the application. Under this scheme, > Derby limits access on a per database or per system basis. A user can be > granted full, read-only, or no access. > This is less suitable in a general purpose SQL server. When end users or > diverse applications can issue SQL commands directly against the database, > Derby must provide more precise mechanisms to limit who can do what with the > database. > I propose to enhance Derby by implementing a subset of grant/revoke > capabilities as specified by the SQL standard. I envision this work to > involve the following tasks, at least: > 1) Develop a specification of what capabilities I would like to add to Derby. > 2) Provide a high level implementation scheme. > 3) Pursue a staged development plan, with support for DDL added to Derby > first. > 4) Add support for runtime checking of these privileges. > 5) Address migration and upgrade issues from previous releases and from old > scheme to newer database. > Since I think this is a large task, I would like to invite any interested > people to work with me on this large and important enhancement to Derby. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
