[ http://issues.apache.org/jira/browse/DERBY-464?page=all ]
Satheesh Bandaram updated DERBY-464:
------------------------------------
Attachment: GrantRevokePartII.txt
I am attaching Grant and Revoke, Part II patch to implement authorization
scheme. This patch enforces permission checks that part I patch records in
system catalogs. I am still adding more test cases and need to update
functional spec with some review comments. Let me know if anyone has any
comments or have trouble applying the patch. I moved some grant revoke tests,
so may confuse patch program.
Next I will work on implementing authorization for Trigger, View and
Constraints, followed by some upgrade, migration and metadata changes.
> Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner
> level of privileges than currently provided by Derby that is especially
> useful in network configurations.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-464
> URL: http://issues.apache.org/jira/browse/DERBY-464
> Project: Derby
> Type: New Feature
> Components: SQL
> Versions: 10.0.2.1, 10.1.1.0, 10.2.0.0
> Environment: generic
> Reporter: Satheesh Bandaram
> Assignee: Satheesh Bandaram
> Attachments: GrantRevokePartII.txt, grantRevoke.patch.Dec5,
> grantRevoke.stat.Dec5, grantRevokeSpec.html
>
> Derby currently provides a very simple permissions scheme, which is quite
> suitable for an embedded database system. End users of embedded Derby do not
> see Derby directly; they talk to a application that embeds Derby. So Derby
> left most of the access control work to the application. Under this scheme,
> Derby limits access on a per database or per system basis. A user can be
> granted full, read-only, or no access.
> This is less suitable in a general purpose SQL server. When end users or
> diverse applications can issue SQL commands directly against the database,
> Derby must provide more precise mechanisms to limit who can do what with the
> database.
> I propose to enhance Derby by implementing a subset of grant/revoke
> capabilities as specified by the SQL standard. I envision this work to
> involve the following tasks, at least:
> 1) Develop a specification of what capabilities I would like to add to Derby.
> 2) Provide a high level implementation scheme.
> 3) Pursue a staged development plan, with support for DDL added to Derby
> first.
> 4) Add support for runtime checking of these privileges.
> 5) Address migration and upgrade issues from previous releases and from old
> scheme to newer database.
> Since I think this is a large task, I would like to invite any interested
> people to work with me on this large and important enhancement to Derby.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
