Authorization identifiers, user authentication, and user authorization

When working with both user authentication and user authorization, you need to understand how user names are treated by each system.

If you use an external authentication system such as LDAP, the conversion of the user's name to an authorization identifier happens after authentication has occurred but before user authorization has occurred. Imagine, for example, a user named Fred.

Let's take a second example, where Fred has a slightly different name within the user authentication system.

As shown in the first example, your external authentication system may be case-sensitive, whereas the authorization identifier within Derby may not be. If your authentication system allows two distinct users whose names differ by case, delimit all user names within the connection request to make all user names case-sensitive within the Derby system. In addition, you must also delimit user names that do not conform to SQL92Identifier rules with double quotes.

Related concepts
User names and schemas
Related reference
Exceptions when using authorization identifiers