Derby / DERBY-2735

Add a system procedure to set a user's connection level authorization.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.3.1.4
    • Component/s: SQL
    • Labels:
      None
    • Bug behavior facts:
      Security

      Description

      Add procedure & function to set (and get) a user's connection authorization to full access, read-only or not defined.
      Based upon the existing UserUtility class but only exposing a single procedure that sets the permission. This is to avoid any appearance that the procedure adds a user.

      SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(8) CONNECTION_PERMISSION)

      Valid values for CONNECTION_PERMISSION

      FULL - Add the user to the list of full access users for the database (i.e. the database property derby.database.fullAccessUsers)
      READONLY - Add the user to the list of read-only users for the database (i.e. the database property derby.database.readOnlyAccessUsers)
      NULL - remove the user from the list of permissions, reverting it to the default permission.

      SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(8)

      Gets the current connection access permissions for the user, factors in the default connection mode.

      Returns either FULL, READONLY, NO or NULL.

      (NO means connection attempt by user will be denied by the user not having an entry in derby.database.fullAccessUsers or derby.database.readOnlyAccessUsers and derby.database.defaultConnectionMode is set to noAccess)

      The names of the connection permissions match the existing names in use by Derby.

          Activity

          Daniel John Debrunner added a comment -

          Not sure what you are asking, Laura. If you look at the reference pages for other procedures/functions you'll see that the definitions of the procedures include the type definitions of each parameter.

          E.g.

          http://db.apache.org/derby/docs/dev/ref/rrefimportdataproc.html

          Laura Stewart added a comment -

          Hi Dan - I am going to document these procedures as part of Derby-2914. I just want to be certain that I understand the syntax...

          SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(128) CONNECTION_PERMISSION)

          means

          SYSCS_UTIL.SYSCS_SET_USER_ACCESS(USERNAME, CONNECTION_PERMISSION)

          Where USERNAME and CONNECTION_PERMISSION are both VARCHARs with a max of 128 characters... yes?

          Daniel John Debrunner added a comment -

          Routines have been added with minor changes to the above.

          1) Type of the permission changed to a VARCHAR(128)

          SYSCS_UTIL.SYSCS_SET_USER_ACCESS(VARCHAR(128) USERNAME, VARCHAR(128) CONNECTION_PERMISSION)
          SYSCS_UTIL.SYSCS_GET_USER_ACCESS(VARCHAR(128) USERNAME) RETURNS VARCHAR(128)

          2) Values for the connection permission changed to match the property setting explicitly

          NOACCESS
          FULLACCESS
          READONLYACCESS

          all case insensitive.

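The routines with the permission names from the final comment, exercised in an ij session. This is an added example, not code from the issue; the user names DBADMIN, ALICE and BOB are hypothetical, and the session is assumed to run as a user allowed to call SYSCS_UTIL routines. Explicit entries are granted before derby.database.defaultConnectionMode is tightened so that the administrator is not locked out.

```sql
-- Added example. DBADMIN, ALICE and BOB are hypothetical user names.

-- 1. Grant explicit connection-level access first.
--    FULLACCESS adds the user to derby.database.fullAccessUsers,
--    READONLYACCESS adds the user to derby.database.readOnlyAccessUsers.
CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS('DBADMIN', 'FULLACCESS');
CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS('ALICE', 'READONLYACCESS');

-- 2. Only then switch the default to deny: any user without an entry
--    in either list is refused a connection.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');

-- 3. Audit the effective permission per user. The function factors in
--    the default connection mode, so BOB (no entry in either list)
--    is evaluated against the noAccess default set in step 2.
VALUES SYSCS_UTIL.SYSCS_GET_USER_ACCESS('DBADMIN');
VALUES SYSCS_UTIL.SYSCS_GET_USER_ACCESS('ALICE');
VALUES SYSCS_UTIL.SYSCS_GET_USER_ACCESS('BOB');

-- 4. Cross-check the underlying database properties the procedure edits.
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.database.fullAccessUsers');
VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.database.readOnlyAccessUsers');

-- 5. Revoke: a NULL permission removes the user from both lists, so the
--    user reverts to the database default (noAccess here).
CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS('ALICE', CAST(NULL AS VARCHAR(128)));
VALUES SYSCS_UTIL.SYSCS_GET_USER_ACCESS('ALICE');
```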

            People

            • Assignee:
              Daniel John Debrunner
              Reporter:
              Daniel John Debrunner