Rick Hillegas (JIRA) wrote:
2) Unfamiliar api. Oracle, DB2, Postgres, and MySQL all handle system privileges in different ways. Picking one of these models would still result in an api that's unfamiliar to many people. That said, these databases do tend to use GRANT/REVOKE for system privileges, albeit each in its own peculiar fashion. I agree that GRANT/REVOKE is an easier model to learn than Java Security. I think however, that the complexity of Java Security is borne by the derby-dev developer, not by the customer. Creating a policy file is very easy and our user documentation gives simple examples which the naive user can just crib. With adequate user documentation, I think this approach would be straightforward for the customer.
I must respectfully disagree that "creating a policy file is very easy." I think it's a royal PITA - the syntax is complex, nonintuitive and unforgiving.
Can we provide a GRANT/REVOKE interface on top of an implementation that uses JAAS?
