Setting access for individual users

You can use the derby.database.fullAccessUsers and derby.database.readOnlyAccessUsers properties to specify the user IDs that have read-write access and read-only access to a database.

If you use SQL authorization (the default with NATIVE authentication), you typically do not use these properties.

You can specify multiple user IDs by using a comma-separated list, with no spaces between the comma and the next user ID.

To set the user authorizations for individual users, specify the access in a CALL statement. For example:

To specify read-write access for the system administrator user ID sa and for the user ID maria, issue this CALL statement:

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'sa,maria')

To specify read-only access for a guest user ID and for Fred, issue this CALL statement:

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.readOnlyAccessUsers', 'guest,Fred')

To specify read-write access for the user ID "Elena!", use delimited identifiers for the user ID. For example:

CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', '"Elena!"')

Read-only and full access permissions
The actions that users can perform on a Derby database are determined by the type of access that users have to the database objects.
User authorization exceptions
SQL exceptions are returned when errors occur with user authorizations.

Parent topic: User authorizations

Related concepts

Setting the SQL standard authorization mode

Setting the default connection access mode