  1. #1
    Join Date
    Apr 2014

    Unanswered: Informix Public Role

    Hi Guys

    I am not a tech guy, I am actually a Chartered Accountant who has moved over to advisory.

    In my firm, we are required to perform technical reviews by providing scripts and analysing the results. Informix is not a DB that we come across very often.

    In my current audit we have noted that the Public role has been granted D access, therefore they have DBA privileges.

    Is there any reason that any of you who have experience on Informix can think of as to why Public would require D privilege?

    I am asking so that if the client comes back to me and says they require that access for business purposes, I would like to be able to give my relevant input.

  2. #2
    Join Date
    Sep 2011
    Pont l'Abbé, Brittany, France
    Provided Answers: 1

    Did you verify that information in the sysusers system catalog table (usertype = D)? Sysusers is the place where users and roles are granted their overall privileges.
    Table-based privileges are defined in systabauth and syscolauth, which is another thing.

    There is no absolute reason why the "public" would require to be granted DBA privileges.

    After auditing Informix implementations since 1991, I have seen this situation many times. The reasons for this are generally lack of interest in security and "simplification" of security management.

    DBA to public is not justified in any case. It means that everybody can create, drop or alter tables as they wish, which is extremely dangerous in terms of data security.

    If (this is what I suspect) the application needs to create tables for any functional reason, I would recommend creating a DBA stored procedure (which temporarily inherits the DBA privileges) that creates the table(s), granting execute on this procedure to public, and revoking DBA from public. This would be the right way to implement a safe security policy along with the ability to create some tables.

    Revoking the DBA privilege is very easy to do, but the applications will have to be thoroughly tested after that, since bad surprises may

    If you wish to understand a bit more about Informix security, you can check this presentation I had built a couple of years ago or so. This is an introduction to what you can do with Informix in terms of security.

    IBM Informix security functionality overview

    Last edited by begooden-it; 05-17-14 at 03:36.
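
The check and the remediation described in the answer above, written out as Informix SQL. This is an added example, not part of the original thread; the procedure name `create_work_table` and the table `app_work` with its columns are hypothetical stand-ins for whatever the application actually needs to create.

```sql
-- 1. Audit check: database-level privileges live in sysusers.
--    usertype: D = DBA, R = Resource, C = Connect, G = role.
SELECT username, usertype
  FROM sysusers
 WHERE usertype = 'D';

-- Table- and column-level grants are recorded separately and should be
-- reviewed on their own.
SELECT * FROM systabauth WHERE grantee = 'public';
SELECT * FROM syscolauth WHERE grantee = 'public';

-- 2. Remediation: move the one DBA-level action the application needs
--    into a DBA-privileged routine. The table definition is fixed inside
--    the routine and it takes no parameters, so callers cannot use it to
--    create, alter or drop anything else.
--    (create_work_table and app_work are hypothetical names.)
CREATE DBA PROCEDURE create_work_table()
    CREATE TABLE app_work (
        id      INTEGER,
        payload VARCHAR(255)
    );
END PROCEDURE;

-- 3. Let every user run that routine, then remove DBA from public.
GRANT EXECUTE ON PROCEDURE create_work_table() TO PUBLIC;
REVOKE DBA FROM PUBLIC;

-- 4. Verify: public should no longer appear with usertype = 'D'.
SELECT username, usertype
  FROM sysusers
 WHERE username = 'public';
```

Run steps 2 to 4 in a test copy of the database first and exercise the application against it, as the answer advises.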
