db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject Re: SQL authorisation and routine permissions
Date Mon, 03 May 2010 22:31:38 GMT
Thomas <Thomas.K.Hill@t-online.de> writes:

> Hi,
> having set-up SQL authorisation I would like to grant data modification rights
> (insert, update, delete) to stored procedures only.
> I was assuming that granting executing rights on a routine using GRANT EXECUTE
> ON PROCEDURE to appl_user (with appl_user being a role) would automatically
> grant the right to insert data to any user who can take on this role. So there
> is no need to also GRANT INSERT ON TABLE xy TO appl_user. However testing this I
> am getting a '<user> does not have INSERT permission on table' error. Does this
> mean I have to grant rights on the tables accessed in a procedure on top of
> granting execution rights on the procedure for this to work?

Yes, currently, Derby routines execute with the invoker's current
privileges. SQL has a provision for defining routines to run with the
definer's privileges as well, but this is not yet implemented in
Derby. Feel free to file an improvement request!


View raw message