Derby provides two
kinds of identity, system-wide identity and
database-specific identity.
- System-wide identity: Currently, any legal system-wide identity enjoys
authorization to perform the following operations:
- Create databases
- Restore databases
- Shut down the Derby
engine
 
- Database-specific identity: If you are a legal identity in a specific
database, you may enjoy the following rights:
- You can connect to that database, provided that coarse-grained connection
authorization has not been set to noAccess.
- You can shut down that database, encrypt it, and upgrade it, provided that
you are the Database Owner.
- You can create your own SQL objects and write data to your own tables,
provided that your coarse-grained connection authorization has not been set to
readOnlyAccess.
- You can access other SQL objects, provided that the owners have granted you
fine-grained SQL access to those objects, and provided you have not been limited
by coarse-grained readOnlyAccess.
 
The distinction between fine-grained SQL authorization and coarse-grained
connection authorization is described in
Configuring user authorization.