• Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s:
    • Fix Version/s: None
    • Component/s: Network Server, Services
    • Labels:
    • Bug behavior facts:


      Add mechanisms for controlling system-level privileges in Derby. See the related email discussion at

      The 10.2 GRANT/REVOKE work was a big step forward in making Derby more secure in a client/server configuration. I'd like to plug more client/server security holes in 10.3. In particular, I'd like to focus on authorization issues which the ANSI spec doesn't address.

      Here are the important issues which came out of the email discussion.

      Missing privileges that are above the level of a single database:

      • Create Database
      • Shutdown all databases
      • Shutdown System

      Missing privileges specific to a particular database:

      • Shutdown that Database
      • Encrypt that database
      • Upgrade database
      • Create (in that Database) Java Plugins (currently Functions/Procedures, but someday Aggregates and VTIs)

      Note that 10.2 gave us GRANT/REVOKE control over the following database-specific issues, via granting execute privilege to system procedures:

      • Jar Handling
      • Backup Routines
      • Admin Routines
      • Property Handling
      • Check Table

      In addition, since 10.0, the privilege of connecting to a database has been controlled by two properties (derby.database.fullAccessUsers and derby.database.defaultConnectionMode) as described in the security section of the Developer's Guide (see
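
      The two existing controls described above (connection authorization through database properties, and GRANT/REVOKE on system procedures), shown together as an added example that is not part of the original issue. The user names APP_ADMIN and BACKUP_OPERATOR are constructed, and the script assumes authentication is already enabled and that it is run by the database owner.

```sql
-- Added example; APP_ADMIN and BACKUP_OPERATOR are constructed user names.
-- Assumes user authentication is already configured for this Derby system.

-- Enforce GRANT/REVOKE (10.2+). Once set to true this cannot be switched off,
-- and it takes effect the next time the database is booted.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.sqlAuthorization', 'true');

-- Connection authorization (since 10.0): deny connections by default,
-- then name the users who may connect with full access.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'APP_ADMIN,BACKUP_OPERATOR');

-- Backup routines: only the backup operator may run an online backup.
GRANT EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_BACKUP_DATABASE TO BACKUP_OPERATOR;

-- Jar handling: only the application admin may install code into the database.
GRANT EXECUTE ON PROCEDURE SQLJ.INSTALL_JAR TO APP_ADMIN;

-- Check Table is a function, so the grant names FUNCTION rather than PROCEDURE.
GRANT EXECUTE ON FUNCTION SYSCS_UTIL.SYSCS_CHECK_TABLE TO APP_ADMIN;

-- Property handling: changing database properties is itself a grantable right.
GRANT EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY TO APP_ADMIN;

-- Withdrawing a routine privilege requires the RESTRICT keyword in Derby.
REVOKE EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_BACKUP_DATABASE
    FROM BACKUP_OPERATOR RESTRICT;

-- None of the statements above can express the privileges this issue lists as
-- missing: creating a database, shutting down a database or the whole system,
-- encrypting or upgrading a database. Those are not SQL objects in a single
-- database, which is why GRANT/REVOKE alone does not cover them.
```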

      1. systemPrivs.html (32 kB, Rick Hillegas)
      2. systemPrivs.html (56 kB, Rick Hillegas)
      3. systemPrivs.html (59 kB, Rick Hillegas)
      4. systemPrivs.html (61 kB, Rick Hillegas)
      5. SystemPrivilegesBehaviour.html (16 kB, Martin Zaun)
      6. DERBY-2109-12.stat (2 kB, Martin Zaun)
      7. DERBY-2109-12.diff (123 kB, Martin Zaun)
      8. DERBY-2109-11.stat (2 kB, Martin Zaun)
      9. DERBY-2109-11.diff (118 kB, Martin Zaun)
      10. DERBY-2109-10.stat (2 kB, Martin Zaun)
      11. DERBY-2109-10.diff (109 kB, Martin Zaun)
      12. DERBY-2109-09.stat (2 kB, Martin Zaun)
      13. DERBY-2109-09.diff (104 kB, Martin Zaun)
      14. DERBY-2109-08.stat (2 kB, Martin Zaun)
      15. DERBY-2109-08.diff (83 kB, Martin Zaun)
      16. DERBY-2109-08_addendum.stat (0.3 kB, Martin Zaun)
      17. DERBY-2109-08_addendum.diff (5 kB, Martin Zaun)
      18. DERBY-2109-07.stat (1 kB, Martin Zaun)
      19. DERBY-2109-07.diff (80 kB, Martin Zaun)
      20. DERBY-2109-05and06.stat (0.9 kB, Martin Zaun)
      21. DERBY-2109-05and06.diff (42 kB, Martin Zaun)
      22. DERBY-2109-04.stat (0.3 kB, Martin Zaun)
      23. DERBY-2109-04.diff (11 kB, Martin Zaun)
      24. derby-2109-03-javadoc-see-tags.diff (4 kB, Kristian Waagan)
      25. DERBY-2109-02.stat (0.7 kB, Martin Zaun)
      26. DERBY-2109-02.diff (57 kB, Martin Zaun)

            • Assignee:
              Rick Hillegas