Hi Vasilis,
Derby has many security mechanisms which may be relevant. However, I
don't see how they could be combined to satisfy every constraint of your
problem. The relevant mechanisms include:
1) Fine-grained SQL authorization.
2) Coarse-grained connection access modes.
3) Definer's rights for database procedures and functions.
(1) and (2) are described by the Developer's Guide section on "User
authorizations":
http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure36595.html.
(3) is described by the Reference Guide sections on "CREATE FUNCTION"
and "CREATE PROCEDURE":
http://db.apache.org/derby/docs/10.10/ref/rrefcreatefunctionstatement.html
and
http://db.apache.org/derby/docs/10.10/ref/rrefcreateprocedurestatement.html.
Hope this helps,
-Rick
On 7/24/14 2:02 PM, vasilis papadinas wrote:
How can I make a derby data base for only two types of users, (user1
and user2).
User1 has the power only to modify the data base structure (create –
delete tables) and nothing else. This user must no has access in data
of the data base. No one else except user1 must not see any
information of the structure of the database and any derby.properties
file.
User2 he has the power to work only with the data into data base
(read, write, delete data rows inside the tables), but he has no any
access in structure of the data base.
Each user must he has the own key entry.
These two keys must store with cryptography in side of derby database.
The database will be distributed with those properties and each holder
will always user2.
Alongwith the database, extra will be given and a ready set of sql
queries, ready to run. So user2 can write java programs linked to this
database and perform the given sql queries.
The user2 should be able to change its own key.
