[
https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467930
]
Rick Hillegas commented on DERBY-2206:
--------------------------------------
I think that giving a user the power to set all database properties is pretty
much a statement that they are a DBA. Combine that with the restrictions on who
is allowed to install jar files and I don't see much security added by
requiring USAGE on the specific jars in derby.database.classpath. It is easier
for me to reason about this privilege if its meaning is just defined by the SQL
standard.
I agree that jar ids only make sense if sql authorization is turned on. Thanks
for bringing this up.
> Provide complete security model for Java routines
> -------------------------------------------------
>
> Key: DERBY-2206
> URL: https://issues.apache.org/jira/browse/DERBY-2206
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for
> user-created objects such as Functions and Procedures. In the future this may
> include Aggregates and Function Tables also. The issues are summarized on the
> following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This
> is a master JIRA to which subtasks can be linked.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
