Users and authorization identifiers

User names within the Derby system are known as authorization identifiers. The authorization identifier is a string that represents the name of the user, if one was provided in the connection request. For example, the built-in function CURRENT_USER returns the authorization identifier for the current user.

Once the authorization identifier is passed to the Derby system, it becomes an SQL92Identifier. SQL92Identifiers-the kind of identifiers that represent database objects such as tables and columns-are case-insensitive (they are converted to all caps) unless delimited with double quotes, are limited to 128 characters, and have other limitations.

User names must be valid authorization identifiers even if user authentication is turned off, and even if all users are allowed access to all databases.

For more information about SQL92Identifiers, see the Derby Reference Manual.

Related concepts
Configuring security for your environment
Working with user authentication
User authorization
Encrypting databases on disk
Signed jar files
Notes on the Derby security features
User authentication and authorization examples
Running Derby under a security manager