If you run with Java SE 7 or later, and if you start the Network Server from the command line, access to databases and to other files created by is by default restricted to the operating system account that started the Network Server. File access is not restricted for embedded databases or for databases managed by servers that are started programmatically inside application code using the API.

You can override this default behavior by setting the system property derby.storage.useDefaultFilePermissions to either true or false.

If you run with the Java SE 6 platform, this property is ignored, and uses the default file permissions the user has set for their system.

The two tables that follow show how file access works with Java SE 6 and with Java SE 7 and later JVMs. In both tables,

• "Environment" means that access is controlled entirely by the JVM environment and the file location only (that is, by the umask setting on UNIX and Linux systems and by the default file permissions on Windows NTFS).
• "Restricted" means that restricts access to the operating system account that started the JVM.

The following table shows how file access works on Java SE 6 systems.

The following table shows how file access works on Java SE 7 and later systems with various settings of the derby.storage.useDefaultFilePermissions property.

For more information, see "Restricting file permissions" in the .

By default, this property is not set.

system-wide

Dynamic. Existing files will keep their previous permissions, but files created after the property is set will have the permissions specified by the property. If you want all the files in the database to have the same permissions, do not change the property while is running.

For information about dynamic changes to properties, see .