我用sqlAuthorization和Derby中的一些表创建了数据库。当我向系统添加一些fullAccessUsers时,由于特权,用户无法访问表。我为用户使用GRANT语句,但没有帮助。我在下面分享我的代码;
创建数据库;
String owner = "admin";
String ownerp = "admin";
String user1= "testuser";
String user1p = "testuser";
String driver = "org.apache.derby.jdbc.ClientDriver";
String connectionURL = "jdbc:derby://10.90.232.2:1527/myDB"+";user="+"\""+owner+"\""+";create=true";
Connection conn = DriverManager.getConnection(connectionURL);
设置数据库属性;
Class.forName(driver);
connectionURL = "jdbc:derby://10.90.232.2:1527/myDB"+";create=false;user="+"\""+owner+"\""+";password="+"\""+ownerp+"\""+";";
conn = DriverManager.getConnection(connectionURL);
Statement s = conn.createStatement();
//Setting DB to Require Authentication
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.connection.requireAuthentication', 'true')");
//Setting DB to SQL Authorization
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.sqlAuthorization', 'true')");
//Setting DB to SQL Authorization
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.authentication.provider', 'BUILTIN')");
//Creating owner username and password
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.user."+"\""+owner+"\""+"', '"+"\""+ownerp+"\""+"')");
//Creating testuser username and password
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.user."+"\""+user1+"\""+"', '"+"\""+user1p+"\""+"')");
//Set both owner and user as a fullAccessUsers (read/write)
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.fullAccessUsers', '"+"\""+owner+"\""+","+"\""+user1+"\""+"')");
//Setting DB to No Access for restrict unauthorized users
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.defaultConnectionMode', 'noAccess')");
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.propertiesOnly', 'false')");
s.close();
//This method shutdown the derby for take parameters.
shutDownDerby();
创建表;
//This method start the Derby Network Server
startDerby();
String connectionUrl2 = "jdbc:derby://10.90.232.2:1527/myDB"+";user="+"\""+owner+"\""+";password="+"\""+ownerp+"\""+";";
Connection con2 = DriverManager.getConnection(connectionUrl2);
java.sql.Statement stmt2;
stmt2 = con2.createStatement();
//Creating Schema
stmt2.execute("CREATE SCHEMA TEST");
//Creating Table in TEST Schema
String query1 = "CREATE TABLE TEST.USER_INFO\n" +
"(\n" +
"USERNAME VARCHAR(80),\n" +
"INFO VARCHAR(160)\n" +
")";
stmt2.execute(query1);
//This one should GRANT permission for reach TEST.USER_INFO to testuser but NOT!
stmt2.execute("GRANT SELECT ON TABLE TEST.USER_INFO TO testuser");
我使用
testuser成功连接到DB。但是当我尝试从带有TEST.USER_INFO的testuser中选择时,我收到以下SQLException;选择查询;
String query = "SELECT USERNAME, INFO FROM TEST.USER_INFO";
SQLException;
ERROR 42502: User 'testuser' does not have SELECT permission on column 'USERNAME' of table 'TEST'.'USER_INFO'.
如果我使用数据库所有者连接到数据库,则Select语句成功返回
resultset。我不了解GRANT语句中缺少什么。 最佳答案
简要说明一下,这是一个事实,即按照规范,SQL标识符应折叠为大写。因此,如果没有双引号,则testuser变为TESTUSER,并且不限于Derby。 Oracle,FirebirdDB和其他人遵循相同的行为(顺便说一下,PostgreSQL折叠为小写,而MySQL保留大小写,所以这可能是造成混淆的部分原因)。
在支持SQL的数据库中,案例折叠是一个特别麻烦的领域,因为很少有人真正喜欢标准规定的行为(如PostgreSQL团队所说,这种行为是无法挽回的),因此项目可以在几乎没人喜欢的行为和非标。