Derby GRANT statement to grant privileges to a specific user

Time: 2016-01-02 14:51:10

Tags: java database apache derby privileges

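I created a database with sqlAuthorization and created some tables in Derby. When I add some fullAccessUsers to the system, the users cannot access the tables because of permissions. I used the GRANT statement for the user, but it did not help. I am sharing my code below;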

Creating the database;

String owner = "admin";
String ownerp = "admin";
String user1= "testuser";
String user1p = "testuser";
String driver = "org.apache.derby.jdbc.ClientDriver";
String connectionURL = "jdbc:derby://10.90.232.2:1527/myDB"+";user="+"\""+owner+"\""+";create=true";
Connection conn = DriverManager.getConnection(connectionURL);

Setting the database properties;

Class.forName(driver);
connectionURL = "jdbc:derby://10.90.232.2:1527/myDB"+";create=false;user="+"\""+owner+"\""+";password="+"\""+ownerp+"\""+";";
conn = DriverManager.getConnection(connectionURL);
Statement s = conn.createStatement();

//Setting DB to Require Authentication
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.connection.requireAuthentication', 'true')");

//Setting DB to SQL Authorization                           
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.database.sqlAuthorization', 'true')");

//Setting the authentication provider to BUILTIN
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.authentication.provider', 'BUILTIN')");

//Creating owner username and password
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.user."+"\""+owner+"\""+"', '"+"\""+ownerp+"\""+"')");

//Creating testuser username and password
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.user."+"\""+user1+"\""+"', '"+"\""+user1p+"\""+"')");

//Set both owner and user as a fullAccessUsers (read/write)
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.database.fullAccessUsers', '"+"\""+owner+"\""+","+"\""+user1+"\""+"')");

//Setting DB to No Access for restrict unauthorized users
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.database.defaultConnectionMode', 'noAccess')");

s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
                "'derby.database.propertiesOnly', 'false')");
s.close();

//This method shuts down Derby so that the properties take effect.
shutDownDerby();

Creating the tables

//This method start the Derby Network Server
startDerby();

String connectionUrl2 = "jdbc:derby://10.90.232.2:1527/myDB"+";user="+"\""+owner+"\""+";password="+"\""+ownerp+"\""+";"; 
Connection con2 = DriverManager.getConnection(connectionUrl2);
java.sql.Statement stmt2;
stmt2 = con2.createStatement();

//Creating Schema
stmt2.execute("CREATE SCHEMA TEST");

//Creating Table in TEST Schema
String query1 = "CREATE TABLE TEST.USER_INFO\n" +
                "(\n" +
                "USERNAME VARCHAR(80),\n" +
                "INFO VARCHAR(160)\n" +
                ")";

stmt2.execute(query1);

//This one should GRANT permission to reach TEST.USER_INFO to testuser, but it does NOT!
stmt2.execute("GRANT SELECT ON TABLE TEST.USER_INFO TO testuser");

I connect to the database successfully with testuser. However, when I try to select from TEST.USER_INFO as testuser, I receive the SQLException below;

Select query;

String query = "SELECT USERNAME, INFO FROM TEST.USER_INFO";

SQLException;

ERROR 42502: User 'testuser' does not have SELECT permission on column 'USERNAME' of table 'TEST'.'USER_INFO'.

If I connect to the DB as the DB owner, the select statement successfully returns a result set. I don't understand what I am missing in the GRANT statement.

1 answer:

Answer 0: (score: 0)

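Briefly, the issue here is that, according to the specification, SQL identifiers should be folded to upper case. So without double quotes, testuser becomes TESTUSER, and this is not limited to Derby. Oracle, FirebirdDB and others follow the same behaviour (by the way, PostgreSQL folds to lower case, while MySQL preserves case, so this may be part of the cause of the confusion).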

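Case folding is a particularly troublesome area in databases that support SQL, because few people really like the behaviour the standard mandates (as the PostgreSQL team says, it is irredeemably broken), so a project gets to choose between behaviour that almost nobody likes and behaviour that is non-standard.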
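The folding rule from the answer, applied to the question's GRANT, as an added Python sketch (not code from the question, the answer or Derby). It is a simplified model of identifier handling: the function names are hypothetical, and the user list is constructed from the quoted names in the question's derby.user.* properties.

```python
# Simplified model of SQL identifier case folding (added example).
# "upper" is the standard behaviour the answer attributes to Derby, Oracle
# and Firebird; "lower" is the PostgreSQL behaviour it mentions.
FOLD = {"upper": str.upper, "lower": str.lower}


def normalize(identifier, fold="upper"):
    """Return the name the database stores for an identifier as written."""
    ident = identifier.strip()
    if len(ident) >= 2 and ident[0] == '"' and ident[-1] == '"':
        # Delimited identifier: case is kept, "" is an escaped quote.
        return ident[1:-1].replace('""', '"')
    return FOLD[fold](ident)


def delimited(stored_name):
    """Write a stored name as a delimited identifier, so it is never folded."""
    return '"' + stored_name.replace('"', '""') + '"'


def grant_select(table, stored_user):
    """Build a GRANT whose grantee matches the stored authorization id."""
    return f"GRANT SELECT ON TABLE {table} TO {delimited(stored_user)}"


def unmatched_grantees(grantees_as_written, users_as_written, fold="upper"):
    """List (as written, as stored) for grantees that match no defined user."""
    users = {normalize(u, fold) for u in users_as_written}
    result = []
    for grantee in grantees_as_written:
        stored = normalize(grantee, fold)
        if stored != "PUBLIC" and stored not in users:  # PUBLIC is not a user
            result.append((grantee, stored))
    return result


if __name__ == "__main__":
    # Constructed input: the question defines both users with double quotes.
    users = ['"admin"', '"testuser"']
    for written, stored in unmatched_grantees(["testuser"], users):
        print(f"GRANT ... TO {written} is stored as {stored}; no such user")
    print(grant_select("TEST.USER_INFO", "testuser"))
```

Because the question creates and connects the user as "testuser" in double quotes, the authorization id is the lower-case name, and only a delimited grantee in the GRANT matches it.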