Issue Details (XML | Word | Printable)

Key: DERBY-464
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Unassigned
Reporter: Satheesh Bandaram
Votes: 2
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Derby

Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations.

Created: 16/Jul/05 09:43 AM   Updated: 01/Jul/09 12:34 AM
Return to search
Component/s: SQL
Affects Version/s: 10.0.2.1, 10.1.1.0, 10.2.1.6
Fix Version/s: 10.2.1.6

Time Tracking:
Issue & Sub-Tasks
Issue Only
Not Specified

File Attachments:
  File Name Date Attached Attached By Size
File Licensed for inclusion in ASF works changeDescriptionPartII 2006-02-25 12:48 AM Satheesh Bandaram 4 kB
Text File Licensed for inclusion in ASF works grantRevoke.patch.Dec5 2005-12-07 12:15 AM Satheesh Bandaram 447 kB
Text File Licensed for inclusion in ASF works grantRevoke.stat.Dec5 2005-12-07 12:15 AM Satheesh Bandaram 5 kB
File Licensed for inclusion in ASF works GrantRevokePartII.stat 2006-02-25 12:48 AM Satheesh Bandaram 3 kB
Text File Licensed for inclusion in ASF works GrantRevokePartII.txt 2006-02-25 12:48 AM Satheesh Bandaram 188 kB
Text File Licensed for inclusion in ASF works GrantRevokePartII.txt 2006-02-20 11:22 PM Satheesh Bandaram 188 kB
HTML File Licensed for inclusion in ASF works grantRevokeSpec.html 2006-02-16 05:30 PM Satheesh Bandaram 27 kB
HTML File Licensed for inclusion in ASF works grantRevokeSpec_v2.html 2006-03-12 05:01 AM Satheesh Bandaram 33 kB
HTML File Licensed for inclusion in ASF works grantRevokeSpec_v3.html 2006-07-24 11:25 PM Satheesh Bandaram 29 kB
HTML File Licensed for inclusion in ASF works grantRevokeSpec_v4.html 2006-07-25 05:24 PM Mamta A. Satoor 32 kB
HTML File Licensed for inclusion in ASF works grantRevokeSpec_v4_1.html 2006-07-25 07:44 PM Mamta A. Satoor 32 kB
HTML File Licensed for inclusion in ASF works grantRevokeSpec_v5.html 2006-08-13 02:35 PM Satheesh Bandaram 32 kB
Java Source File Licensed for inclusion in ASF works Privileges.java 2006-03-29 07:49 AM Michelle Caisse 47 kB
Java Source File Licensed for inclusion in ASF works Privileges2.java 2006-03-29 09:20 AM Michelle Caisse 47 kB
Environment: generic
Issue Links:
Incorporates
 
Reference

Urgency: Normal
Resolution Date: 18/Sep/06 03:44 PM

Sub-Tasks  All   Open   
1.
 Add EXTERNAL SECURITY DEFINER and EXTERNAL SECURITY INVOKER support for routines(functions or procedures) Sub-task Closed Closed Unassigned  
2.
 documentation to address Grant/Revoke (Derby-464) Sub-task Closed Closed Laura Stewart  
3.
 Provide runtime privilege checking for grant/revoke functionality Sub-task Closed Closed Mamta A. Satoor  
4.
 Add GRANTOR column to primary key for SYSTABLEPERMS, SYSCOLPERMS and SYSROUTINEPERMS Sub-task Closed Closed Satheesh Bandaram  
5.
 Address two remaining issues with GRANT/REVOKE functionality: 1) Add warning when sqlAuthorization is on with authentication off 2) Drop permission descriptors when objects they cover are dropped. Sub-task Closed Closed Satheesh Bandaram  
6.
 Address remaining upgrade task(s) to complete full upgrade mechanism for GRANT/REVOKE, specifically with changing database owner name from 'DBA' to authorizationId of user invoking upgrade. Sub-task Closed Closed Deepa Remesh  

 Description  « Hide
Derby currently provides a very simple permissions scheme, which is quite suitable for an embedded database system. End users of embedded Derby do not see Derby directly; they talk to a application that embeds Derby. So Derby left most of the access control work to the application. Under this scheme, Derby limits access on a per database or per system basis. A user can be granted full, read-only, or no access.

This is less suitable in a general purpose SQL server. When end users or diverse applications can issue SQL commands directly against the database, Derby must provide more precise mechanisms to limit who can do what with the database.

I propose to enhance Derby by implementing a subset of grant/revoke capabilities as specified by the SQL standard. I envision this work to involve the following tasks, at least:

1) Develop a specification of what capabilities I would like to add to Derby.
2) Provide a high level implementation scheme.
3) Pursue a staged development plan, with support for DDL added to Derby first.
4) Add support for runtime checking of these privileges.
5) Address migration and upgrade issues from previous releases and from old scheme to newer database.

Since I think this is a large task, I would like to invite any interested people to work with me on this large and important enhancement to Derby.

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Satheesh Bandaram made changes - 20/Jul/05 03:26 AM
Field Original Value New Value
Assignee Satheesh Bandaram [ bandaram ]
Satheesh Bandaram made changes - 27/Oct/05 03:29 AM
Attachment grant.html [ 12320334 ]
Satheesh Bandaram made changes - 07/Dec/05 12:15 AM
Attachment grantRevoke.stat.Dec5 [ 12321172 ]
Satheesh Bandaram made changes - 07/Dec/05 12:15 AM
Attachment grantRevoke.patch.Dec5 [ 12321173 ]
Satheesh Bandaram made changes - 24/Dec/05 05:00 PM
Attachment grantRevokeDec23.html [ 12321554 ]
Satheesh Bandaram made changes - 17/Jan/06 03:30 AM
Status Open [ 1 ] In Progress [ 3 ]
Satheesh Bandaram made changes - 16/Feb/06 11:18 AM
Attachment grant.html [ 12320334 ]
Satheesh Bandaram made changes - 16/Feb/06 05:26 PM
Attachment grantRevokeDec23.html [ 12321554 ]
Satheesh Bandaram made changes - 16/Feb/06 05:30 PM
Attachment grantRevokeSpec.html [ 12323047 ]
Satheesh Bandaram made changes - 20/Feb/06 11:22 PM
Attachment GrantRevokePartII.txt [ 12323191 ]
Satheesh Bandaram made changes - 23/Feb/06 03:48 AM
Other Info [Patch available]
Satheesh Bandaram made changes - 25/Feb/06 12:48 AM
Attachment GrantRevokePartII.txt [ 12323370 ]
Attachment GrantRevokePartII.stat [ 12323369 ]
Attachment changeDescriptionPartII [ 12323368 ]
Satheesh Bandaram made changes - 12/Mar/06 05:01 AM
Attachment grantRevokeSpec_v2.html [ 12324061 ]
Michelle Caisse made changes - 29/Mar/06 07:49 AM
Attachment Privileges.java [ 12324690 ]
Michelle Caisse made changes - 29/Mar/06 09:20 AM
Attachment Privileges2.java [ 12324695 ]
Andrew McIntyre made changes - 01/Apr/06 06:09 AM
Other Info [Patch available]
Derby Info [Patch Available]
Satheesh Bandaram made changes - 12/Jun/06 12:08 PM
Derby Info [Patch Available]
Mamta A. Satoor made changes - 18/Jul/06 04:20 PM
Link This issue incorporates DERBY-1521 [ DERBY-1521 ]
Mamta A. Satoor made changes - 18/Jul/06 04:21 PM
Link This issue incorporates DERBY-1522 [ DERBY-1522 ]
Mamta A. Satoor made changes - 18/Jul/06 04:21 PM
Link This issue incorporates DERBY-1523 [ DERBY-1523 ]
Daniel John Debrunner made changes - 18/Jul/06 06:51 PM
Link This issue incorporates DERBY-1367 [ DERBY-1367 ]
Yip Ng made changes - 19/Jul/06 07:16 PM
Link This issue relates to DERBY-1538 [ DERBY-1538 ]
Yip Ng made changes - 20/Jul/06 12:29 AM
Link This issue relates to DERBY-1542 [ DERBY-1542 ]
Satheesh Bandaram made changes - 24/Jul/06 11:25 PM
Attachment grantRevokeSpec_v3.html [ 12337435 ]
Satheesh Bandaram made changes - 24/Jul/06 11:29 PM
Fix Version/s 10.2.0.0 [ 11187 ]
Daniel John Debrunner made changes - 25/Jul/06 05:22 AM
Link This issue relates to DERBY-1582 [ DERBY-1582 ]
Mamta A. Satoor made changes - 25/Jul/06 05:24 PM
Attachment grantRevokeSpec_v4.html [ 12337481 ]
Mamta A. Satoor made changes - 25/Jul/06 05:24 PM
Derby Info [Patch Available]
Mamta A. Satoor made changes - 25/Jul/06 07:44 PM
Attachment grantRevokeSpec_v4_1.html [ 12337491 ]
Daniel John Debrunner made changes - 25/Jul/06 08:29 PM
Link This issue is related to DERBY-1523 [ DERBY-1523 ]
Daniel John Debrunner made changes - 25/Jul/06 08:30 PM
Link This issue is related to DERBY-1589 [ DERBY-1589 ]
Daniel John Debrunner made changes - 25/Jul/06 08:57 PM
Link This issue incorporates DERBY-1579 [ DERBY-1579 ]
Yip Ng made changes - 26/Jul/06 09:28 AM
Link This issue relates to DERBY-1592 [ DERBY-1592 ]
Daniel John Debrunner made changes - 26/Jul/06 02:27 PM
Derby Info [Patch Available]
Rick Hillegas made changes - 28/Jul/06 06:21 PM
Urgency Normal
Yip Ng made changes - 30/Jul/06 02:21 AM
Link This issue relates to DERBY-1583 [ DERBY-1583 ]
Satheesh Bandaram made changes - 13/Aug/06 02:35 PM
Attachment grantRevokeSpec_v5.html [ 12338762 ]
Yip Ng made changes - 16/Aug/06 10:18 PM
Link This issue relates to DERBY-1708 [ DERBY-1708 ]
Yip Ng made changes - 17/Aug/06 04:44 PM
Link This issue relates to DERBY-1715 [ DERBY-1715 ]
Yip Ng made changes - 17/Aug/06 08:26 PM
Link This issue relates to DERBY-1716 [ DERBY-1716 ]
Yip Ng made changes - 18/Aug/06 01:27 AM
Link This issue relates to DERBY-1723 [ DERBY-1723 ]
Yip Ng made changes - 18/Aug/06 09:13 AM
Link This issue relates to DERBY-1724 [ DERBY-1724 ]
Yip Ng made changes - 18/Aug/06 09:44 PM
Link This issue relates to DERBY-1729 [ DERBY-1729 ]
Yip Ng made changes - 21/Aug/06 05:26 PM
Link This issue relates to DERBY-1738 [ DERBY-1738 ]
Yip Ng made changes - 14/Sep/06 06:35 AM
Link This issue relates to DERBY-1847 [ DERBY-1847 ]
Mike Matrigali made changes - 15/Sep/06 08:13 PM
Assignee Satheesh Bandaram [ bandaram ]
Mike Matrigali made changes - 18/Sep/06 03:44 PM
Status In Progress [ 3 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Andrew McIntyre made changes - 13/Dec/07 09:04 AM
Status Resolved [ 5 ] Closed [ 6 ]
Kathey Marsden made changes - 11/Jun/09 08:35 PM
Link This issue relates to DERBY-4268 [ DERBY-4268 ]
Dag H. Wanvik made changes - 01/Jul/09 12:34 AM
Issue Type New Feature [ 2 ] Improvement [ 4 ]

Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators