Daniel John Debrunner wrote: >Deepa Remesh (JIRA) wrote: > > > > >>It is not very clear to me from the spec how the following case should be >>handled >>- revoking permissions from dba (user who is the owner of the database). >>dba has "implicit" permissions on all objects and we cannot revoke privileges >>from dba. >> >> > >I think I've asked this before, but I'll ask again. I don't see in the >functional spec for DERBY-464 where it says the database owner has >'"implicit" permissions on all objects' > >All I see is that the database owner can create and drop any schema. > >I also see comments like: > > "Only the owner (creator) of an object can grant or revoke privileges >on that object. " > > Database owner can also grant or revoke privileges. I will update the functional specification.
Derby currently allows database owner access to any object in that database. A database owner can also create any object in other user schemas. When a database owner is operating in other user schemas, objects created by database owners would be owned by owners of the those schemas. As for Deepa's question about whether it is possible to revoke a privilege from database owner, no, it is not possible currently. Satheesh
