[jira] Updated: (DERBY-464) Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations.

[Mamta A. Satoor (JIRA)]

     [ http://issues.apache.org/jira/browse/DERBY-464?page=all ]

Mamta A. Satoor updated DERBY-464:
----------------------------------

    Derby Info: [Patch Available]

> Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner 
> level of privileges than currently provided by Derby that is especially 
> useful in network configurations.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-464
>                 URL: http://issues.apache.org/jira/browse/DERBY-464
>             Project: Derby
>          Issue Type: New Feature
>          Components: SQL
>    Affects Versions: 10.0.2.1, 10.1.1.0, 10.2.0.0
>         Environment: generic
>            Reporter: Satheesh Bandaram
>         Assigned To: Satheesh Bandaram
>             Fix For: 10.2.0.0
>
>         Attachments: changeDescriptionPartII, grantRevoke.patch.Dec5, 
> grantRevoke.stat.Dec5, GrantRevokePartII.stat, GrantRevokePartII.txt, 
> GrantRevokePartII.txt, grantRevokeSpec.html, grantRevokeSpec_v2.html, 
> grantRevokeSpec_v3.html, grantRevokeSpec_v4.html, Privileges.java, 
> Privileges2.java
>
>
> Derby currently provides a very simple permissions scheme, which is quite 
> suitable for an embedded database system. End users of embedded Derby do not 
> see Derby directly; they talk to a application that embeds Derby. So Derby 
> left most of the access control work to the application. Under this scheme, 
> Derby limits access on a per database or per system basis. A user can be 
> granted full, read-only, or no access. 
> This is less suitable in a general purpose SQL server. When end users or 
> diverse applications can issue SQL commands directly against the database, 
> Derby must provide more precise mechanisms to limit who can do what with the 
> database.
> I propose to enhance Derby by implementing a subset of grant/revoke 
> capabilities as specified by the SQL standard. I envision this work to 
> involve the following tasks, at least:
> 1) Develop a specification of what capabilities I would like to add to Derby.
> 2) Provide a high level implementation scheme.
> 3) Pursue a staged development plan, with support for DDL added to Derby 
> first.
> 4) Add support for runtime checking of these privileges.
> 5) Address migration and upgrade issues from previous releases and from old 
> scheme to newer database.
> Since I think this is a large task, I would like to invite any interested 
> people to work with me on this large and important enhancement to Derby.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira