Results 1 to 7 of 7
  1. #1
    Join Date
    Jan 2003
    Posts
    1,605

    Unanswered: What is purpose of default DB user group "PUBLIC"? Can I delete this group?

    Hi,

    I found out that when "create database" command is carried out the "PUBLIC" group is automaticaly created.
    (To see this: on database SAMPLE | User and Group Objects | DB Groups | PUBLIC). What is purpose of this group? Can I delete this group?

    BTW, there is no group PUBLIC defined on Windows user groups.

    My system:
    - Windows 2003 Server Standard Edition
    - DB2 Workgroup Server Edition version 8 fixpack 9

    Thanks,
    Grofaty
    Last edited by grofaty; 11-24-05 at 07:24.

  2. #2
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    It's not a group but rather a keyword that you use when you grant or revoke privileges to (from) all authenticated users. You can't deleted it.

  3. #3
    Join Date
    Jan 2003
    Posts
    1,605
    n_i,
    In Control Center on SAMPLE database I have revoke all privileges from DB Groups: PUBLIC and it disappeared (deleted) from User and Group Objects | DB Groups.

    Will I experience any limitation in DB2 functionalities?

    Thanks,
    Grofaty

  4. #4
    Join Date
    Jan 2003
    Posts
    1,605
    Ok,
    I can't connect to sample database now. So I droped it and recreate it.
    So group PUBLIC has to exist on system.
    Thanks,
    Grofaty

  5. #5
    Join Date
    Mar 2004
    Location
    Toronto, ON, Canada
    Posts
    513
    Quote Originally Posted by grofaty
    Ok,
    I can't connect to sample database now. So I droped it and recreate it.
    So group PUBLIC has to exist on system.
    Thanks,
    Grofaty
    PUBLIC does not need to exist, it only applies to users who aren't part of any other group.

    If you try connect to your sample database as the instance owner, it will succeed. Or from any other user in a group you've defined on DB2.
    --
    Jonathan Petruk
    DB2 Database Consultant

  6. #6
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    Strictly speaking, PUBLIC doesn't "exist" - it's just a convenient way to say "allow everybody to do stuff". You can revoke all grants from PUBLIC, which would mean that only those users with _explicit_ grants or authorities will be able to connect/select/etc.

  7. #7
    Join Date
    Nov 2005
    Location
    IL
    Posts
    557
    +1

    In our shop it is against all known policies to have a PUBLIC having access to anything. It is the first thing that is getting revoked once a new db is created.

    So, as said before you should be ok assuming you already have id on that system and grants are given to it. If not, log in with an instance id and give apropriate grants.
    --
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows

    DB2 v9.7.0.6 os 6.1.0.0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •