Granting permissions to DerbyThis section discusses which permissions should be granted to (the code base derby.jar).Permissionsgranting to Derby
See Default Policy Implementation and Policy File Syntax at http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html for
more information about creating policy files.
This property is used by Derby to prevent the accidental boot of the database
by two class loaders. If the database is booted by two class loaders, database
corruption can occur. This permission requirement is new in .
If write permission for this property is not granted, a message is printed
to the log file which indicates that the database
is not protected from dual boot and possible corruption.
Allows to determine
the system directory when set by db2j.system.home and create it if
needed. If the system directory already exists then only the "read" permission
needs to be granted.
Only one of these permissions is needed. Permits the application to read,
write, and delete to the log
file, unless the log has been re-directed. (See the derby.stream.error properties
in for more
information.) If one of the requested valid actions is denied, the log
will be java.lang.System.err.
You need this permission if you want to change the security policy on
the fly and reload it into a running system. Given this permission, a DBA
can reload the policy file by calling the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY system
procedure. For more information, see the section which describes this procedure
in .
Combining permissions
You might grant one FilePermission that
encompasses several or all of the permissions instead of separately granting
a number of the more specific permissions. For example:permission java.io.FilePermission "${derby.system.home}/-", "read,write,delete";This allows the engine
complete access to the system directory and any databases contained in the
system directory.