[ 
http://issues.apache.org/jira/browse/DERBY-1646?page=comments#action_12425909 ] 
            
Laura Stewart commented on DERBY-1646:
--------------------------------------

I was very unhappy with the content of the file that describes setting the 
default access mode.
So based on your comments I reworded it.  Please let me know if there is 
anything amiss...


Setting the default access mode

There are two properties that control the default access mode for database 
objects, the derby.database.defaultConnectionMode property and the 
derby.database.sqlAuthorization property.

The default settings for these properties allow anyone to access and drop the 
database objects that you create. The default setting for the 
derby.database.defaultConnectionMode property is fullAccess and the default 
setting for the derby.database.sqlAuthorization property is FALSE. You can 
change the default access mode by specify different settings for these 
properties.

These properties work together: 

When the derby.database.sqlAuthorization property is FALSE, the default access 
mode is determined by the setting for the derby.database.defaultConnectionMode 
property. If the derby.database.defaultConnectionMode property is set to 
readOnlyAccess, users can access (read) database all of the objects but they 
cannot update or drop the objects. 

When the derby.database.sqlAuthorization property is TRUE, the default access 
mode is restricted to the owner of the database objects. The owner must grant 
permission for others to access the database objects. No one but the owner of 
an object can drop the object. 

The access mode specified for the derby.database.sqlAuthorization property 
overrides the permissions that are granted by the owner of a database object. 
For example, if a user is granted INSERT privileges on a table but the user 
only has read-only connection authorization, the user cannot insert data into 
the table. 

Derby validates the database authorization properties when you set the 
properties. A user authorization exception is returned if you specify an 
invalid value when you set these properties.

derby.database.defaultConnectionMode property
The derby.database.defaultConnectionMode property controls the default 
authorization when users connect to the database.
The valid settings for the derby.database.defaultConnectionMode property are:

noAccess 
readOnlyAccess 
fullAccess 

The default value is fullAccess. 

derby.database.sqlAuthorization property
The derby.database.sqlAuthorization property controls the ability for object 
owners to grant and revoke permission for users to perform actions on database 
objects.
The valid settings for the derby.database.sqlAuthorization property are:

TRUE 
FALSE 

The default value is FALSE.

> Documentation to address Grant/Revoke Authorization for 
> views/triggers/constraints/routines(DERBY-1330)
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1646
>                 URL: http://issues.apache.org/jira/browse/DERBY-1646
>             Project: Derby
>          Issue Type: New Feature
>          Components: Documentation
>    Affects Versions: 10.2.0.0
>            Reporter: Mamta A. Satoor
>         Assigned To: Laura Stewart
>
> Creating a separate jira entry for documentation of Grant/Revoke 
> Authorization for views/triggers/constraints/routines(Engine changes are 
> going as part of DERBY-1330).
> Will link this jira entry to DERBY-1330

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to