Soft permissions?

Re: Soft permissions?

Not that I know of - you could use triggers to write the warnings to a
table for "illegal" inserts/updates/deletes.

You could also use the audit facility (db2audit) to track illicit
access, and perhaps interpret the contents of the audit file to send
warnings to users.

paul@atom.sbrk. co.uk wrote:
[color=blue]
> Is there any way to grant some sort of advisory or "soft"
> permissions to a table such that only warnings would be
> generated if the permissions were violated rather than
> preventing the access altogether?
>
> Paul[/color]

Re: Soft permissions?

In article <bnm3va$s17$1@h anover.torolab. ibm.com>, Blair Adamache wrote:[color=blue]
> paul@atom.sbrk. co.uk wrote:[color=green]
>> Is there any way to grant some sort of advisory or "soft"
>> permissions to a table such that only warnings would be
>> generated if the permissions were violated rather than
>> preventing the access altogether?[/color][/color]
[color=blue]
> Not that I know of - you could use triggers to write the warnings to a
> table for "illegal" inserts/updates/deletes.[/color]
[color=blue]
> You could also use the audit facility (db2audit) to track illicit
> access, and perhaps interpret the contents of the audit file to send
> warnings to users.[/color]

Thanks for that. I imagined that it was possible to do with triggers
and thought that someone might've already implemented something
similar. The auditing is also another after the fact alternative
I could try.

The reason to do this is to add some restrictions to an existing
application but I'd like to figure out the impact before committing
to it.

Cheers,

Paul

Re: Soft permissions?

paul@atom.sbrk. co.uk <paul@atom.sbrk .co.uk> wrote:
[color=blue]
> In article <bnm3va$s17$1@h anover.torolab. ibm.com>, Blair Adamache wrote:[color=green]
>> paul@atom.sbrk. co.uk wrote:[color=darkred]
>>> Is there any way to grant some sort of advisory or "soft"
>>> permissions to a table such that only warnings would be
>>> generated if the permissions were violated rather than
>>> preventing the access altogether?[/color][/color]
>[color=green]
>> Not that I know of - you could use triggers to write the warnings to a
>> table for "illegal" inserts/updates/deletes.[/color]
>[color=green]
>> You could also use the audit facility (db2audit) to track illicit
>> access, and perhaps interpret the contents of the audit file to send
>> warnings to users.[/color]
>
> Thanks for that. I imagined that it was possible to do with triggers
> and thought that someone might've already implemented something
> similar. The auditing is also another after the fact alternative
> I could try.
>
> The reason to do this is to add some restrictions to an existing
> application but I'd like to figure out the impact before committing
> to it.[/color]

Maybe you could rename the table and then create an appropriate view with
the original table name to implement the restriction. Then you would not
get any error, but you would not see any "illegal" access attempt either.

--
Knut Stolze
Information Integration
IBM Germany / University of Jena