Discussed this issue a bit with Rick off line, and came to the conclusion
that this action should probably be protected by system privileges. The reasoning is
as follows: a) If there is no database at the url location, this is really a create database
operation. b) if there is an existing database in the url location, the operation involves
more than a single database: Only the latter seems the right scope for database level
If one did consider checking against database level (owner) privileges, which database
image should determine the ownership of the database, the backup or the url image?
(While we can not change ownership right now, that might change.)
It seems cleaner to me to make this a system level privilege (DERBY-2109).
Linking this issue to DERBY-2109 for reference.