By default, creates new directories and files with the default permissions of the operating system account that started the VM (the umask setting on Unix and Linux). You can configure to override those default permissions and to restrict access to just that account. If you configure this way, only that account can access the directories and files created by . If you are running on a Java 7 or higher VM, you can configure this extra protection by setting the following system property, either on the VM command line or in derby.properties:

For more information, see "derby.storage.useDefaultFilePermissions" in the .

If you set this property, other operating system accounts will have no access to directories or files created by . This behavior can be helpful in enhancing default security for database files.

The exact behavior is determined by two factors: how the engine is started, and the presence or absence and specified value of the property derby.storage.useDefaultFilePermissions.

The two tables that follow show how file access works with Java SE 7 and later JVMs and with Java SE 6. In both tables,

• "Environment" means that access is controlled entirely by the JVM environment and the file location only (that is, by the umask setting on UNIX and Linux systems and by the default file permissions on Windows NTFS).
• "Restricted" means that restricts access to the operating system account that started the JVM.

The following table shows how file access works on Java SE 7 and later systems with various settings of the derby.storage.useDefaultFilePermissions property.

The following table shows how file access works on Java SE 6 systems.

If you are running on a Java 6 or earlier VM, then you may want to adjust your account's default file permissions before using .