Re: grants & revokes

From: mross94@xxxxxxxxxxx
Date: 26 Apr 2006 17:29:11 -0700

Brian McLaughlin wrote:

I'm having trouble understanding grant/revoke on my informix database.

I'm logged onto the server as a "regular" user -- fred.
Vw_rim_department is a simple view that pulls two columns out of a
table. I'm in DBAccess, and I give the following statement:

select * from vw_rim_department

to which it responds:

272: No SELECT permission.

So, from a different shell as the user, informix, I go into DBAccess and
issue this:

Grant all on vw_rim_department to public

Grant all on vw_rim_department to fred

Back in my first session as fred, I again say:

select * from vw_rim_department

to which it again responds:

272: No SELECT permission.

So I think I'll start from scratch, and I go to my informix session and
say:

Revoke all on vw_rim_department from public

And it responds:

Warning:privilege not revoked.

I expected a grant all to public followed by a grant all to fred would
definitely give fred select permission on the view.

So my question is either:

A. Why doesn't it?
B. Where can I find a tutorial/documentation on how this works
C. <a bonus question> How can I tell what privileges a
table/view/column currently has?

Thanks,

Brian McLaughlin

Administrative Computing

George Fox University

(503) 554-2587

------_=_NextPart_001_01C66981.0AD3B33A
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Google-AttachSize: 9026

<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40";>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"/>

<style>

</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

I’m having trouble understanding grant/revoke on my
informix database.<o:p></o:p>

<o:p> </o:p>

I’m logged onto the server as a “regular”
user -- fred.  Vw_rim_department is a simple view that pulls two columns out of
a table.  I’m in DBAccess, and I give the following statement:<o:p></o:p>

select * from vw_rim_department<o:p></o:p>

<o:p> </o:p>

to which it responds:<o:p></o:p>

272: No SELECT permission.<o:p></o:p>

<o:p> </o:p>

So, from a different shell as the user, informix, I go into
DBAccess and issue this:<o:p></o:p>

Grant all on vw_rim_department to public<o:p></o:p>

Grant all on vw_rim_department to fred<o:p></o:p>

<o:p> </o:p>

Back in my first session as fred, I again say:<o:p></o:p>

select * from vw_rim_department<o:p></o:p>

<o:p> </o:p>

to which it again responds:<o:p></o:p>

272: No SELECT permission.<o:p></o:p>

<o:p> </o:p>

<o:p> </o:p>

So I think I’ll start from scratch, and I go to my
informix session and say:<o:p></o:p>

Revoke all on vw_rim_department from public<o:p></o:p>

<o:p> </o:p>

And it responds:<o:p></o:p>

Warning:privilege not revoked.<o:p></o:p>

<o:p> </o:p>

I expected a grant all to public followed by a grant all to
fred would definitely give fred select permission on the view.  <o:p></o:p>

<o:p> </o:p>

So my question is either:<o:p></o:p>

<ol style='margin-top:0in' start=1 type=A>
<li class=MsoNormal style='mso-list:l0 level1 lfo1'>Why doesn’t it?<o:p></o:p></li>
<li class=MsoNormal style='mso-list:l0 level1 lfo1'>Where can I find a
tutorial/documentation on how this works<o:p></o:p></li>
<li class=MsoNormal style='mso-list:l0 level1 lfo1'><a bonus question> How
can I tell what privileges a table/view/column currently has?<o:p></o:p></li>
</ol>

<o:p> </o:p>

Thanks,<o:p></o:p>

<o:p> </o:p>

<st1:PersonName w:st="on">Brian McLaughlin</st1:PersonName><o:p></o:p>

Administrative Computing<o:p></o:p>

<st1:place w:st="on"><st1:PlaceName w:st="on">George</st1:PlaceName> <st1:PlaceName
w:st="on">Fox</st1:PlaceName> <st1:PlaceType w:st="on">University</st1:PlaceType></st1:place><o:p></o:p>

(503) 554-2587<o:p></o:p>

</div>

</body>

</html>

------_=_NextPart_001_01C66981.0AD3B33A--

A. Why doesn't it?

You will also need permission to the underlying tables.

B. Where can I find a tutorial/documentation on how this works

http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.admin.doc/admin559.htm

C. <a bonus question> How can I tell what privileges a
table/view/column currently has?

select a.tabname, b.* from systables a, systabauth b where a.tabid =
b.tabid and a.tabid > 99

.

References:
- grants & revokes
  - From: Brian McLaughlin

Prev by Date: Free Personal Information Management Software
Next by Date: Re: Just for fun :o)
Previous by thread: grants & revokes
Next by thread: Re: grants & revokes
Index(es):
- Date
- Thread

Relevant Pages

Re: Create table rights
... you do not need to revoke it first. ... DENY in the syspermissions. ... and then GRANT directly to the user, ... >> removes a previously granted or denied permission. ...
(microsoft.public.sqlserver.security)
Re: Temporary Access to Create Tables
... If the table needs to be persisted then you can grant the CREATE TABLE ... permission and the user will be able to create tables under the form ... REVOKE CREATE TABLE TO USER. ... > I need to be able to grant to a user access to create a table, ...
(microsoft.public.sqlserver.security)
grants & revokes
... I'm having trouble understanding grant/revoke on my informix database. ... I'm in DBAccess, and I give the following statement: ... 272: No SELECT permission. ... Grant all on vw_rim_department to public ...
(comp.databases.informix)
Re: Allowing Anonymous write access only.
... need at least READ permission for login. ... > been set up so that anonymous FTP users have write access only, this> may seem insecure and we do get a certain ammount of hackers or> taggers testing the system by dropping test files and folders onto the> server, but because anonymous users do not have read access they soon> find that they cannot download anything they upload and go elsewhere. ... This is where my problems have started,> I initialy replicated all the IIS setting and NTFS permission from my> NT box on my 2003 box but so far have been unable to achive the same> result, it appaers that I can only grant anonymous write access if I ...
(microsoft.public.inetserver.iis.ftp)
Re: Yukon schemas
... ALTER to the schema. ... you have to grant create permission to perform the action ... data and to create and alter stored procedures and views that they owned. ...
(microsoft.public.sqlserver.security)