Hi Tiago, Did you set 'derby.database.sqlAuthorization=TRUE' *before* creating the database?
If not, you would have to specifically set it for this database using: ij> CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization','true'); http://db.apache.org/derby/docs/dev/devguide/cdevcsecure866060.html Otherwise, make sure your derby.properties is actually accessed by the Derby instance - For example, try to connect with an incorrect password and see if it denies the connection for a user. --francois On Sat, Apr 4, 2009 at 5:03 AM, Tiago Espinha <ti...@espinhas.net> wrote: > Hi everyone, > > I am testing the SQL Roles for the 10.5 buddy testing and I'm facing > some issues. By following the documentation, I have created the > following derby.properties file: > > derby.connection.requireAuthentication=TRUE > derby.database.sqlAuthorization=TRUE > derby.authentication.provider=BUILTIN > derby.user.adm=java > derby.user.tiago=espinha > > Now, the steps I've followed afterwards (on ij) are: > > connect > 'jdbc:derby://localhost:1527/goodone;create=true;user=adm;password=java'; > > And the database gets created properly. Then I proceed to create a > test table, while still logged in as 'adm': > > create table t2 (f1 int, f2 varchar(20)); > > Then I disconnect; from the server and connect back on, this time with > the user 'tiago': > > connect > 'jdbc:derby://localhost:1527/goodone;user=tiago;password=espinha'; > > At this point I am logged in but, opposed to what I would think, I > have access to the table I just created with 'adm'. I do have to > specify the 'adm' schema to access it but I do not have any > restrictions whatsoever. I can INSERT, SELECT and even DROP the table > without any restriction. By default I should not have any privileges > at all over the table adm.t2 should I? > > Can someone help me out and tell me what exactly am I doing wrong? > Keep in mind that I would like to have only the SQL authentication > turned on. > > Thanks in advance, > Tiago >