[ http://issues.apache.org/jira/browse/DERBY-1646?page=comments#action_12425937 ]

Satheesh Bandaram commented on DERBY-1646:
------------------------------------------

I have rewritten Laura's earlier comment with some updates. This being a text 
window, I couldn't highlight changes, sorry. I think it is important not to 
mix up "access mode" with "authorization".

Let me know if you need any further clarifications.

Setting the default access mode

There are two properties that control access to database objects for users. 
They are derby.database.defaultConnectionMode and 
derby.database.sqlAuthorization.

The default settings for these properties allow anyone to access and drop the 
database objects that you create. The default setting for the 
derby.database.defaultConnectionMode property is fullAccess and the default 
setting for the derby.database.sqlAuthorization property is FALSE. You can 
change the default access mode by specifying different settings for these 
properties.

These properties work together:

When the derby.database.sqlAuthorization property is FALSE, the ability to read 
or write database objects is determined by the setting for the 
derby.database.defaultConnectionMode property. If the 
derby.database.defaultConnectionMode property is set to readOnlyAccess, users 
can access (read) all of the database objects but they cannot update or drop 
the objects.

When the derby.database.sqlAuthorization property is TRUE, the ability to read 
or write database objects is further restricted to the owner of the database 
objects. The owner must grant permission for others to access the database 
objects. No one but the owner of an object can drop the object. Note that 
derby.database.defaultConnectionMode, if set to readOnlyAccess, allows 
read-only access to database objects even for the owner of an object.

The access mode specified for the derby.database.defaultConnectionMode property 
overrides the permissions that are granted by the owner of a database object. 
For example, if a user is granted INSERT privileges on a table but the user 
only has read-only connection access, the user cannot insert data into the 
table.

Derby validates the database properties when you set the properties. A user 
exception is returned if you specify an invalid value when you set these 
properties.

derby.database.defaultConnectionMode property
The derby.database.defaultConnectionMode property controls the default 
authorization when users connect to the database.
The valid settings for the derby.database.defaultConnectionMode property are:

noAccess
readOnlyAccess
fullAccess

The default value is fullAccess.

derby.database.sqlAuthorization property
The derby.database.sqlAuthorization property provides the ability for object 
owners to grant and revoke permission for users to perform actions on database 
objects.
The valid settings for the derby.database.sqlAuthorization property are:

TRUE
FALSE

The default value is FALSE.

> Documentation to address Grant/Revoke Authorization for 
> views/triggers/constraints/routines(DERBY-1330)
> -------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1646
>                 URL: http://issues.apache.org/jira/browse/DERBY-1646
>             Project: Derby
>          Issue Type: New Feature
>          Components: Documentation
>    Affects Versions: 10.2.0.0
>            Reporter: Mamta A. Satoor
>         Assigned To: Laura Stewart
>
> Creating a separate jira entry for documentation of Grant/Revoke 
> Authorization for views/triggers/constraints/routines(Engine changes are 
> going as part of DERBY-1330).
> Will link this jira entry to DERBY-1330

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
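
The interaction between the two properties described in the comment above, as an added example that is not part of the original message and is not Derby code: a small auditor that reads a derby.properties-style text, rejects values outside the listed settings, and computes whether an action on an object is permitted. Assumptions: the function names, the constructed sample input, case-insensitive value matching, and noAccess being treated as denying every action.

```python
# Added example: a model of the rules in the comment above, not Derby code.
MODE_KEY = "derby.database.defaultConnectionMode"
AUTH_KEY = "derby.database.sqlAuthorization"
DEFAULTS = {MODE_KEY: "fullAccess", AUTH_KEY: "FALSE"}
VALID = {MODE_KEY: {"noaccess", "readonlyaccess", "fullaccess"},
         AUTH_KEY: {"true", "false"}}

# Constructed sample input (not taken from a real deployment).
SAMPLE = """# derby.properties
derby.database.sqlAuthorization=TRUE
derby.database.defaultConnectionMode=readOnlyAccess
"""

def parse_properties(text):
    """Parse simple key=value lines; unset keys keep the documented defaults."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def settings(props):
    """Return (mode, sql_auth); reject values outside the listed settings."""
    for key, allowed in VALID.items():
        if props[key].lower() not in allowed:  # assumption: case-insensitive
            raise ValueError(f"invalid value for {key}: {props[key]!r}")
    return props[MODE_KEY].lower(), props[AUTH_KEY].lower() == "true"

def is_allowed(props, action, is_owner=False, granted=()):
    """action is SELECT, INSERT, UPDATE, DELETE or DROP on one object."""
    mode, sql_auth = settings(props)
    if mode == "noaccess":            # assumption: noAccess denies everything
        return False
    if mode == "readonlyaccess" and action != "SELECT":
        return False                  # access mode overrides grants and ownership
    if not sql_auth or is_owner:
        return True                   # no per-object checks, or owner of the object
    if action == "DROP":
        return False                  # only the owner can drop
    return action in granted          # others need an explicit grant

def findings(props):
    """Flag the permissive combination that the defaults produce."""
    mode, sql_auth = settings(props)
    if mode == "fullaccess" and not sql_auth:
        return ["any connected user can read, modify and drop every object"]
    return []

if __name__ == "__main__":
    p = parse_properties(SAMPLE)
    print(is_allowed(p, "INSERT", granted={"INSERT"}), findings(parse_properties("")))
```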

        
