Privileges in DB2 v 8.1.9 Linux

Problem description

I just created a new user and granted connect and select on a single view, only. When I connect to my database, the new user has at least select privileges on the whole database. What am I doing wrong or misunderstanding? How do I discover all the privileges granted on my database? How do I revoke all privileges and then restore just the ones I want? Does public get any privileges by default?

Recommended answer

Bob,

How did you test your hypothesis? I suspect you tried to select from a SYSCAT view or a SYSIBM table. By default PUBLIC gets granted SELECT on the catalog objects (SYSCAT, SYSIBM, SYSFUN and SYSPROC). In DB2 9 there is a new RESTRICT option that creates the database very tight to begin with. On DB2 V8 a simple procedure revoking SELECT from PUBLIC on these objects should do just fine. Something like:

    CREATE PROCEDURE revokepublic(IN objecttype VARCHAR(20))
    BEGIN
      DECLARE SQLCODE INTEGER;
      DECLARE SQLSTATE CHAR(5);
      DECLARE revtxt VARCHAR(1000);
      DECLARE curtxt VARCHAR(1000);
      DECLARE objname VARCHAR(128);
      DECLARE objschema VARCHAR(128);
      DECLARE stmt STATEMENT;
      DECLARE cur CURSOR FOR stmt;

      -- Build the query that lists the catalog objects of the requested type.
      SET curtxt = CASE UCASE(objecttype)
                     WHEN 'TABLE' THEN
                       'SELECT TABSCHEMA, TABNAME FROM SYSCAT.TABLES WHERE TABSCHEMA LIKE ''SYS%'''
                     -- ...
                   END;
      PREPARE stmt FROM curtxt;
      OPEN cur;

      -- Revoke SELECT from PUBLIC on each object the cursor returns.
      fetch_loop: LOOP
        FETCH cur INTO objschema, objname;
        IF SQLCODE = 100 THEN LEAVE fetch_loop; END IF;
        SET revtxt = 'REVOKE SELECT ON ' || objecttype || ' "' || objschema
                     || '"."' || objname || '" FROM PUBLIC';
        EXECUTE IMMEDIATE revtxt;
      END LOOP fetch_loop;
      CLOSE cur;
    END

Well, something like that....

Cheers
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
IOD Conference http://www.ibm.com/software/data/ond...ness/conf2006/

Actually I tried a select on one of my own tables, since I granted SELECT to a VIEW based on one of my tables.

However I figured out what I did wrong. This is the new user I was having so much trouble with last week and one of the straws I grasped was to make this new user as like some of my working users as possible, including groups. At least one of those groups must have admin authorization. As soon as I removed the unnecessary groups, the userid behaved as I wish.

Thanks for the procedure, I will keep it against future need.

Is everyone with connect authorization in the group public? Is there a way to make a schema invisible to public?

Short of revoking the privileges on all objects in this schema from PUBLIC: no.

--
Knut Stolze
DB2 Information Integration Development
IBM Germany
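The question of how to discover the privileges in effect can be answered from the catalog views. The queries below are an added example, not part of any post in the thread; NEWUSER is a placeholder user ID, and the column lists assume the DB2 V8 layout of SYSCAT.DBAUTH and SYSCAT.TABAUTH.

```sql
-- 1. Database-level authorities held by groups (PUBLIC is recorded as a group).
--    A group with DBADMAUTH = 'Y' gives every member access to all tables,
--    which is the situation described in the follow-up post.
SELECT GRANTEE, DBADMAUTH, CONNECTAUTH, CREATETABAUTH,
       BINDADDAUTH, IMPLSCHEMAAUTH, LOADAUTH
FROM   SYSCAT.DBAUTH
WHERE  GRANTEETYPE = 'G'
ORDER  BY GRANTEE;

-- 2. How many catalog objects PUBLIC can read, per system schema.
--    These are the default grants the answer refers to.
SELECT TABSCHEMA, COUNT(*) AS READABLE_OBJECTS
FROM   SYSCAT.TABAUTH
WHERE  GRANTEE = 'PUBLIC'
  AND  SELECTAUTH <> 'N'
  AND  TABSCHEMA LIKE 'SYS%'
GROUP  BY TABSCHEMA
ORDER  BY TABSCHEMA;

-- 3. Anything PUBLIC holds on user tables and views (outside SYS% schemas).
--    Each row here is a privilege every connected user inherits.
SELECT TABSCHEMA, TABNAME, CONTROLAUTH, SELECTAUTH,
       INSERTAUTH, UPDATEAUTH, DELETEAUTH
FROM   SYSCAT.TABAUTH
WHERE  GRANTEE = 'PUBLIC'
  AND  TABSCHEMA NOT LIKE 'SYS%'
  AND  (CONTROLAUTH <> 'N' OR SELECTAUTH <> 'N' OR INSERTAUTH <> 'N'
        OR UPDATEAUTH <> 'N' OR DELETEAUTH <> 'N')
ORDER  BY TABSCHEMA, TABNAME;

-- 4. Privileges granted directly to one user (NEWUSER is a placeholder).
--    If the user can read more than this shows, the extra access comes
--    from PUBLIC or from a group found in query 1.
SELECT TABSCHEMA, TABNAME, GRANTOR, SELECTAUTH,
       INSERTAUTH, UPDATEAUTH, DELETEAUTH
FROM   SYSCAT.TABAUTH
WHERE  GRANTEE = 'NEWUSER'
  AND  GRANTEETYPE = 'U'
ORDER  BY TABSCHEMA, TABNAME;
```

Group membership is not stored in these views, so the groups returned by query 1 have to be compared with the user's groups at the operating-system level.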
09-18 09:17