Results 1 to 8 of 8

Thread: Permissions

  1. #1
    Join Date
    Jun 2009
    Posts
    272

    Unanswered: Permissions

    I am in db2 V9.5 FP1. Is it possible to revoke select, insert, update, delete access on one table from a user who has dbadm authority ?

  2. #2
    Join Date
    Jan 2010
    Posts
    335
    Hi,

    afaik this can only be done in DB2 9.7.

    nvk

  3. #3
    Join Date
    Jun 2009
    Posts
    272
    Thanks for your response. Can you please tell me how in 9.7 can we make it work?

  4. #4
    Join Date
    Jan 2010
    Posts
    335
    There was at Chat with the lab about new DB2 9.7 Features.
    DB2 9.7 Overview

    Could find anything on IBMs Website (which is really a mess). Only the grant in the documentation:
    IBM DB2 9.7 for Linux, UNIX and Windows Information Center
    grant dbadm without dataaccess ...

  5. #5
    Join Date
    Jun 2009
    Posts
    272
    I wanted to restrict the access only on one table. "Without Data access" option would restrict the access on all the tables.

  6. #6
    Join Date
    Jan 2010
    Posts
    335
    Yes,
    the dbadm without access has to be treated as a normal user and needs explicit grants for each table and view.

  7. #7
    Join Date
    Jun 2009
    Posts
    272
    we wanted dbadm to have accessctrl authority. So as to what you are saying, grant dbadm to a user and revoke the dataaccess authority and individually grant select, insert, update, delete to all the tables to that user except that specific table.

    But the issue is dbadm can grant select, insert, update, delete to that table to himself.

  8. #8
    Join Date
    Jan 2010
    Posts
    335
    The other Option would be Label Based Access Control (LBAC), but this Feature requires an additional License.
    The User would be able to read the Table, but no data would be returned. Also some Queries might return different results, if they are run by different users.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •