【发布时间】:2016-04-06 15:38:12
【问题描述】:
我用sqlAuthorization 和Derby 中的一些表创建了数据库。当我向系统添加一些fullAccessUsers 时,用户无法访问表,因为特权。我为用户使用GRANT 声明,但没有帮助。我在下面分享我的代码;
创建数据库;
String owner = "admin";
String ownerp = "admin";
String user1= "testuser";
String user1p = "testuser";
String driver = "org.apache.derby.jdbc.ClientDriver";
String connectionURL = "jdbc:derby://10.90.232.2:1527/myDB"+";user="+"\""+owner+"\""+";create=true";
Connection conn = DriverManager.getConnection(connectionURL);
设置数据库属性;
Class.forName(driver);
connectionURL = "jdbc:derby://10.90.232.2:1527/myDB"+";create=false;user="+"\""+owner+"\""+";password="+"\""+ownerp+"\""+";";
conn = DriverManager.getConnection(connectionURL);
Statement s = conn.createStatement();
//Setting DB to Require Authentication
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.connection.requireAuthentication', 'true')");
//Setting DB to SQL Authorization
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.sqlAuthorization', 'true')");
//Setting DB to SQL Authorization
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.authentication.provider', 'BUILTIN')");
//Creating owner username and password
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.user."+"\""+owner+"\""+"', '"+"\""+ownerp+"\""+"')");
//Creating testuser username and password
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.user."+"\""+user1+"\""+"', '"+"\""+user1p+"\""+"')");
//Set both owner and user as a fullAccessUsers (read/write)
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.fullAccessUsers', '"+"\""+owner+"\""+","+"\""+user1+"\""+"')");
//Setting DB to No Access for restrict unauthorized users
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.defaultConnectionMode', 'noAccess')");
s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(" +
"'derby.database.propertiesOnly', 'false')");
s.close();
//This method shutdown the derby for take parameters.
shutDownDerby();
创建表格;
//This method start the Derby Network Server
startDerby();
String connectionUrl2 = "jdbc:derby://10.90.232.2:1527/myDB"+";user="+"\""+owner+"\""+";password="+"\""+ownerp+"\""+";";
Connection con2 = DriverManager.getConnection(connectionUrl2);
java.sql.Statement stmt2;
stmt2 = con2.createStatement();
//Creating Schema
stmt2.execute("CREATE SCHEMA TEST");
//Creating Table in TEST Schema
String query1 = "CREATE TABLE TEST.USER_INFO\n" +
"(\n" +
"USERNAME VARCHAR(80),\n" +
"INFO VARCHAR(160)\n" +
")";
stmt2.execute(query1);
//This one should GRANT permission for reach TEST.USER_INFO to testuser but NOT!
stmt2.execute("GRANT SELECT ON TABLE TEST.USER_INFO TO testuser");
我使用testuser 成功连接到数据库。但是当我尝试从TEST.USER_INFO 和testuser 中选择时,我收到低于SQLException;
选择查询;
String query = "SELECT USERNAME, INFO FROM TEST.USER_INFO";
SQLException;
ERROR 42502: User 'testuser' does not have SELECT permission on column 'USERNAME' of table 'TEST'.'USER_INFO'.
如果我使用 DB Owner 连接到 DB,Select 语句会成功返回 resultset。我不明白GRANT 声明中缺少什么。
【问题讨论】:
-
这是区分大小写的事情吗?您是否实际上将选择授予 TESTUSER,但您以 testuser 身份连接到数据库?尝试执行另一个授权语句,确保在引号中指定 testuser,以便您将授权给全小写的 testuser:'grant select on test.user_info to "testuser" '
-
Bryan 再次拯救我,谢谢你 :) 真的,我不习惯德比中的
case-sensitivity。如果你还记得我在connectionURL中询问类似的用户名。无论如何stmt2.execute("GRANT SELECT ON TABLE TEST.USER_INFO TO "+"\""+user1+"\"");工作正常。您可以写为答案。
标签: java database derby privileges