I feel like an idiot for asking this, but neither I nor my DBA can figure
this out.
How do you create a database object that does not implicitly allow access by
any defined user?
For instance, I have a user who has been granted only the CONNECT privilege
to a certain database. But he is still able to do selects and updates and
other things to tables created by another user. Everything I've read
indicates this should not be allowed; that the user must be granted these
privileges explicitly. What are we missing?
=============== =============== =============== ===============
About DB2 Administration Tools Environment
=============== =============== =============== ===============
DB2 administration tools level:
Product identifier SQL09050
Level identifier 03010107
Level DB2 v9.5.0.808
Build level s071001
PTF NT3295
=============== =============== =============== ===============
Java development kit (JDK):
Level IBM Corporation 1.5.0
=============== =============== =============== ===============
Here's some more things that show what I am attempting:
connect to securedb user fswarbri using
Database Connection Information
Database server = DB2/NT 9.5.0
SQL authorization ID = FSWARBRI
Local database alias = SECUREDB
SELECT * FROM SYSIBMADM.PRIVI LEGES WHERE OBJECTNAME = 'SECTEST1'
AUTHID AUTHIDTYPE PRIVILEGE GRANTABLE OBJECTSCHEMA OBJECTNAME OBJECTTYPE
------------------ ----------- --------- ------------ ---------- ----------
OPSUSER U UPDATE Y OPSUSER SECTEST1 TABLE
OPSUSER U REFERENCE Y OPSUSER SECTEST1 TABLE
OPSUSER U SELECT Y OPSUSER SECTEST1 TABLE
OPSUSER U INSERT Y OPSUSER SECTEST1 TABLE
OPSUSER U INDEX Y OPSUSER SECTEST1 TABLE
OPSUSER U DELETE Y OPSUSER SECTEST1 TABLE
OPSUSER U ALTER Y OPSUSER SECTEST1 TABLE
OPSUSER U CONTROL N OPSUSER SECTEST1 TABLE
8 record(s) selected.
SELECT * FROM OPSUSER.SECTEST 1
COL1
--------------------
123
456
987
3 record(s) selected.
As you can see, only OPSUSER has any privileges on OPSUSER.SECTEST 1, and yet
user FSWARBRI is able to query on the table (and update it, for that
matter).
Thanks!
Frank
this out.
How do you create a database object that does not implicitly allow access by
any defined user?
For instance, I have a user who has been granted only the CONNECT privilege
to a certain database. But he is still able to do selects and updates and
other things to tables created by another user. Everything I've read
indicates this should not be allowed; that the user must be granted these
privileges explicitly. What are we missing?
=============== =============== =============== ===============
About DB2 Administration Tools Environment
=============== =============== =============== ===============
DB2 administration tools level:
Product identifier SQL09050
Level identifier 03010107
Level DB2 v9.5.0.808
Build level s071001
PTF NT3295
=============== =============== =============== ===============
Java development kit (JDK):
Level IBM Corporation 1.5.0
=============== =============== =============== ===============
Here's some more things that show what I am attempting:
connect to securedb user fswarbri using
Database Connection Information
Database server = DB2/NT 9.5.0
SQL authorization ID = FSWARBRI
Local database alias = SECUREDB
SELECT * FROM SYSIBMADM.PRIVI LEGES WHERE OBJECTNAME = 'SECTEST1'
AUTHID AUTHIDTYPE PRIVILEGE GRANTABLE OBJECTSCHEMA OBJECTNAME OBJECTTYPE
------------------ ----------- --------- ------------ ---------- ----------
OPSUSER U UPDATE Y OPSUSER SECTEST1 TABLE
OPSUSER U REFERENCE Y OPSUSER SECTEST1 TABLE
OPSUSER U SELECT Y OPSUSER SECTEST1 TABLE
OPSUSER U INSERT Y OPSUSER SECTEST1 TABLE
OPSUSER U INDEX Y OPSUSER SECTEST1 TABLE
OPSUSER U DELETE Y OPSUSER SECTEST1 TABLE
OPSUSER U ALTER Y OPSUSER SECTEST1 TABLE
OPSUSER U CONTROL N OPSUSER SECTEST1 TABLE
8 record(s) selected.
SELECT * FROM OPSUSER.SECTEST 1
COL1
--------------------
123
456
987
3 record(s) selected.
As you can see, only OPSUSER has any privileges on OPSUSER.SECTEST 1, and yet
user FSWARBRI is able to query on the table (and update it, for that
matter).
Thanks!
Frank
Comment