On 7/1/17 9:20 PM, Robinson Ma wrote:
Hi Derby Contributors,

I have one proposal for Derby.

Currently, Derby can only grant permissions on tables. It would be nice if it could grant permissions based on schema. One additional thing is that when you drop and recreate a table with the same name under the same schema, the permissions have to be granted again.


Is there anyone who can give me some guidance on this project? Right now, I am reading the user documents and the architecture design document of Derby.


Thanks in advance.

On Wed, May 10, 2017 at 10:24 PM, Robinson Ma <robinson.ma.hao...@gmail.com> wrote:

    Hi Derby Contributors,


    My name is Robin, and I am a newbie to Derby. I'd like to join the
    project and make contributions to it. I have been using
    Derby for a while and have found that permission granting in Derby
    is trivial. For example, it can only grant permissions on tables.
    It would be nice if it could grant permissions based on schema. One
    additional thing is that when you drop and recreate a table with the
    same name under the same schema, the permissions have to be granted again.


    Is there anyone who can give me some guidance on this project? Right
    now, I am reading the user documents and the architecture design document
    of Derby.


    Thanks in advance.


    Robin



Hi Robin,

Welcome to Derby. Contributions are always welcome!

1) Derby supports a subset of the privileges defined by the SQL Standard. According to the 2016 Standard, part 2, section 12.3 (<privileges>), the Standard privileges are...

SELECT
| SELECT <left paren> <privilege column list> <right paren>
| SELECT <left paren> <privilege method list> <right paren>
| DELETE
| INSERT  [ <left paren> <privilege column list> <right paren>  ]
| UPDATE  [ <left paren> <privilege column list> <right paren>  ]
| REFERENCES  [ <left paren> <privilege column list> <right paren>  ]
| USAGE
| TRIGGER
| UNDER
| EXECUTE

...and they can be granted to the following schema objects...

[ TABLE ] <table name>
| DOMAIN <domain name>
| COLLATION <collation name>
| CHARACTER SET <character set name>
| TRANSLATION <transliteration name>
| TYPE <schema-resolved user-defined type name>
| SEQUENCE <sequence generator name>
| <specific routine designator>

The Standard does not define any privileges which are granted to schemas. What did you have in mind?

2) Can you explain more about the problem you are experiencing when you drop a table and have to recreate it along with its associated privileges? There may be some solution involving the dblook tool as described in the Tools Guide: http://db.apache.org/derby/docs/10.13/tools/ctoolsdblook.html

I would say that the incomplete implementation of CASCADE semantics is the major hole in Derby's implementation of Standard access controls. Would you be interested in working on that problem? I could coach you through the code.

Hope this is helpful,
-Rick
