I agree with David on this that policy files are painful.
David Van Couvering wrote:
Rick Hillegas (JIRA) wrote:
2) Unfamiliar api. Oracle, DB2, Postgres, and MySQL all handle system
privileges in different ways. Picking one of these models would still
result in an api that's unfamiliar to many people. That said, these
databases do tend to use GRANT/REVOKE for system privileges, albeit
each in its own peculiar fashion. I agree that GRANT/REVOKE is an
easier model to learn than Java Security. I think however, that the
complexity of Java Security is borne by the derby-dev developer, not
by the customer. Creating a policy file is very easy and our user
documentation gives simple examples which the naive user can just
crib. With adequate user documentation, I think this approach would
be straightforward for the customer.
I must respectfully disagree that "creating a policy file is very
easy." I think it's a royal PITA - the syntax is complex,
nonintuitive and unforgiving.
Can we provide a GRANT/REVOKE interface on top of an implementation
that uses JAAS?
