See for information on NATIVE
authentication. See the other topics under
for more
information on using SQL authorization.
The program does the following:
- Uses a system property to set the authentication provider to
NATIVE:nativeAuthDB:LOCAL, meaning that
nativeAuthDB is the credentials database and that all user
credentials are stored there.
- If you are running the program using the client driver, starts the Network
Server.
- Creates a database named nativeAuthDB as the user
sysadm, who is therefore the
Database Owner. Only the Database
Owner has the right to set and read database properties.
- Calls the SYSCS_UTIL.SYSCS_CREATE_USER system procedure
to create several users: noacc, guest, and
sqlsam. The user sysadm has already been
created automatically.
- Creates the roles adder and viewer.
- Grants the role adder to sqlsam, and
grants the role viewer to guest.
- Creates a table, accessibletbl, and inserts a value into
it.
- Grants SELECT and INSERT privileges on accessibletbl to
adder.
- Tries to connect to the database without supplying credentials, and fails,
as expected.
- Connects to the database as a user who has not been granted any
privileges. The connection succeeds, but the user does not attempt to perform
any operations, since no operations would be permitted.
- Connects to the database as guest, who has the role
viewer.
- Sets the current role to viewer; the user succeeds in
executing a SELECT statement on the table, but cannot execute an INSERT
statement.
- Connects to the database as sqlsam, who has the role
adder.
- Sets the current role to adder; the user succeeds in
executing both a SELECT and an INSERT statement, but is unable to execute a
DELETE statement.
- Using the connection of the Database Owner sysadm, deletes
the table, the two roles, and the three users created previously.
- If you are running the program using the client driver, shuts down the
Network Server.
- Closes the connection and shuts down
, using the Database
Owner's credentials.
The instructions for compiling and running the program are in the comment
at the beginning of the program. DERBY_LIB is the directory
that contains the jar
files, typically DERBY_HOME/lib.