Hello François, I believe I had indeed set that property before creating the database. Just to be sure, I did as you said and set it as a database property by calling that statement. However, after doing so, I'm still able to access the 'adm.t2' table as I wish from the 'tiago' user.
I'm also sure that Derby is seeing the correct properties file. I tried to login with a wrong password and I wasn't allowed in. Any more ideas? Tiago On Sat, Apr 4, 2009 at 9:35 PM, Francois Orsini <francois.ors...@gmail.com>wrote: > Hi Tiago, > > Did you set 'derby.database.sqlAuthorization=TRUE' *before* creating the > database? > > If not, you would have to specifically set it for this database using: > ij> CALL > SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization','true'); > > http://db.apache.org/derby/docs/dev/devguide/cdevcsecure866060.html > > Otherwise, make sure your derby.properties is actually accessed by the > Derby instance - For example, try to connect with an incorrect password and > see if it denies the connection for a user. > > --francois > > > On Sat, Apr 4, 2009 at 5:03 AM, Tiago Espinha <ti...@espinhas.net> wrote: > >> Hi everyone, >> >> I am testing the SQL Roles for the 10.5 buddy testing and I'm facing >> some issues. By following the documentation, I have created the >> following derby.properties file: >> >> derby.connection.requireAuthentication=TRUE >> derby.database.sqlAuthorization=TRUE >> derby.authentication.provider=BUILTIN >> derby.user.adm=java >> derby.user.tiago=espinha >> >> Now, the steps I've followed afterwards (on ij) are: >> > connect >> 'jdbc:derby://localhost:1527/goodone;create=true;user=adm;password=java'; >> >> And the database gets created properly. Then I proceed to create a >> test table, while still logged in as 'adm': >> > create table t2 (f1 int, f2 varchar(20)); >> >> Then I disconnect; from the server and connect back on, this time with >> the user 'tiago': >> > connect >> 'jdbc:derby://localhost:1527/goodone;user=tiago;password=espinha'; >> >> At this point I am logged in but, opposed to what I would think, I >> have access to the table I just created with 'adm'. I do have to >> specify the 'adm' schema to access it but I do not have any >> restrictions whatsoever. I can INSERT, SELECT and even DROP the table >> without any restriction. By default I should not have any privileges >> at all over the table adm.t2 should I? >> >> Can someone help me out and tell me what exactly am I doing wrong? >> Keep in mind that I would like to have only the SQL authentication >> turned on. >> >> Thanks in advance, >> Tiago >> > >