Results 1 to 2 of 2
  1. #1
    Join Date
    Jan 2009
    Location
    Zoetermeer, Holland
    Posts
    746

    Unanswered: check result of REVOKE!

    Wow, I did not know that:
    When you grant DBADM rights to a user and REVOKE that later on all kind of priviliger still exist and have to be REVOKED as well. Here is the result (db2look -d sample -xd) of the "leftovers" after a grant & revoke of user "dick".
    Code:
    GRANT CREATETAB 	ON DATABASE  TO USER "DICK    " ;
    GRANT BINDADD 		ON DATABASE  TO USER "DICK    " ;
    GRANT CONNECT 		ON DATABASE  TO USER "DICK    " ;
    GRANT CREATE_NOT_FENCED ON DATABASE  TO USER "DICK    " ;
    GRANT IMPLICIT_SCHEMA 	ON DATABASE  TO USER "DICK    " ;
    GRANT LOAD 		ON DATABASE  TO USER "DICK    " ;
    GRANT QUIESCE_CONNECT 	ON DATABASE  TO USER "DICK    " ;
    This is not a bug, its documented behaviour DB2 Database for Linux, UNIX, and Windows but you should be aware! So run that db2look report from time-to-time an check for things from which you thought you took care of that....

  2. #2
    Join Date
    Nov 2005
    Location
    IL
    Posts
    557
    Yeap, many people also ignore the fact, or simply do not know, that when they create a new SCHEMA using a CREATE TABLE in a new schema. It gives all the other users ability to create objects in that schema as well.

    Thus, you should always define a new schema prior to building objects in it.
    --
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows

    DB2 v9.7.0.6 os 6.1.0.0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •