db-derby-user mailing list archives

From Rick Hillegas <rick.hille...@oracle.com>
Subject Re: Prefabricated database with specific properties and hidden structure.
Date Fri, 25 Jul 2014 14:49:39 GMT
Hi Vasilis,

Derby has many security mechanisms which may be relevant. However, I 
don't see how they could be combined to satisfy every constraint of your 
problem. The relevant mechanisms include:

1) Fine-grained SQL authorization.

2) Coarse-grained connection access modes.

3) Definer's rights for database procedures and functions.

(1) and (2) are described by the Developer's Guide section on "User 
authorizations": 
http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure36595.html. 
(3) is described by the Reference Guide sections on "CREATE FUNCTION" 
and "CREATE PROCEDURE": 
http://db.apache.org/derby/docs/10.10/ref/rrefcreatefunctionstatement.html 
and 
http://db.apache.org/derby/docs/10.10/ref/rrefcreateprocedurestatement.html.

Hope this helps,
-Rick

On 7/24/14 2:02 PM, vasilis papadinas wrote:
>
> How can I make a Derby database for only two types of users (user1 
> and user2)?
>
> User1 has the power only to modify the database structure (create – 
> delete tables) and nothing else. This user must not have access to the 
> data of the database. No one except user1 may see any 
> information about the structure of the database or any derby.properties 
> file.
>
> User2 has the power to work only with the data in the database 
> (read, write, delete data rows inside the tables), but has no 
> access to the structure of the database.
>
> Each user must have their own key entry.
>
> These two keys must be stored with cryptography inside the Derby database.
>
> The database will be distributed with those properties and each holder 
> will always be user2.
>
> Along with the database, a ready set of SQL queries will also be given, 
> ready to run, so user2 can write Java programs linked to this 
> database and perform the given SQL queries.
>
> User2 should be able to change its own key.
>
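
Added example (not part of the original thread, and not Rick's or the Derby project's own code): the three mechanisms listed in the reply, written out as Derby SQL for ij. It assumes the database was created by USER1, and the schema, table, procedure and Java class names and the passwords are hypothetical placeholders.

```sql
-- Added illustration; run in ij while connected as the database owner.
-- Assumptions: the database was created by USER1 (so USER1 is the owner);
-- APPDATA, ORDERS, AUDIT_LOG, LOG_NOTE and com.example.AuditProcs are
-- hypothetical names; all passwords are placeholders.

-- NATIVE authentication keeps credentials hashed inside the database.
-- The first credentials stored must be the database owner's.
CALL SYSCS_UTIL.SYSCS_CREATE_USER('user1', 'CHANGE-ME-owner');
CALL SYSCS_UTIL.SYSCS_CREATE_USER('user2', 'CHANGE-ME-holder');

-- Let properties stored in the database override derby.properties.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.propertiesOnly', 'true');

-- (2) Coarse-grained connection access modes: list the allowed users
-- first, then deny every other connection by default.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'user1,user2');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');

-- (1) Fine-grained SQL authorization.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.sqlAuthorization', 'true');
-- Shut the database down and reconnect as user1 at this point, so that
-- authentication and SQL authorization are in effect before the GRANTs.

CREATE SCHEMA APPDATA;
CREATE TABLE APPDATA.ORDERS (ID INT PRIMARY KEY, ITEM VARCHAR(64));
CREATE TABLE APPDATA.AUDIT_LOG (TS TIMESTAMP, NOTE VARCHAR(256));
-- user2 gets row-level work on ORDERS only: no grant on AUDIT_LOG,
-- and no ownership of APPDATA, so no CREATE/DROP TABLE there.
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE APPDATA.ORDERS TO user2;

-- (3) Definer's rights: the procedure runs with its owner's privileges,
-- so user2 can append to AUDIT_LOG through it without any table grant.
CREATE PROCEDURE APPDATA.LOG_NOTE(IN NOTE VARCHAR(256))
    LANGUAGE JAVA PARAMETER STYLE JAVA
    MODIFIES SQL DATA
    EXTERNAL SECURITY DEFINER
    EXTERNAL NAME 'com.example.AuditProcs.logNote';
GRANT EXECUTE ON PROCEDURE APPDATA.LOG_NOTE TO user2;

-- Later, on a connection opened as user2: change that user's own password.
CALL SYSCS_UTIL.SYSCS_MODIFY_PASSWORD('CHANGE-ME-new');
```

In this layout USER1 owns the tables and therefore keeps full access to their rows, so it restricts USER2 but does not produce a structure-only USER1.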

