Results 1 to 2 of 2
  1. #1
    Join Date
    Dec 2002
    Location
    Vancouver, BC
    Posts
    1

    Question Unanswered: revoke not revoking...

    Hi. DB2 newbie here. I've got a wierd situation and I'm not sure if I'm missing something or not..

    I have revoked all table rights to a table in my database to a particular group of users. However I can still log onto the database in the CLP and select from the table.

    Here are the steps I used in the CLP

    1.. I connect to the database with the user who created the tables.

    2.. revoke all on pr_employee from group testusr

    3.. DB2 says sql completed sucessfully

    4.. I disconnect from the database

    5.. I connect to the database with a user in the testusr group

    6.. select count(*) from pr_employee

    7.. DB2 returns a record count.

    Even worse, I can connect to the database using ODBC via MS Access and view the records with the same test user.

    I've confirmed that the group's rights have been revoked because they no longer appear in syscat.tabauth

    What do I check next?

    Edit to provide more info:

    DB2 7.1 on W2K server -- not sure what the FP level is.

    sati
    Last edited by sati; 12-20-02 at 19:07.

  2. #2
    Join Date
    Aug 2001
    Location
    UK
    Posts
    4,650

    Re: revoke not revoking...

    Atleast once in the past I had to disconnect all applications and reconnect them for this privilege to come to effect ....

    Before that, have you been chekcing for the privileges by logging on using only one user in the group? If so, try from other users also ...

    Check if this user(or group) has DBA privileges ?

    Or if that user has been granted explicit privilege for the table ?

    Or if the privilege on the table is granted to PUBLIC ...

    HTH

    Cheers

    Sathyaram


    Originally posted by sati
    Hi. DB2 newbie here. I've got a wierd situation and I'm not sure if I'm missing something or not..

    I have revoked all table rights to a table in my database to a particular group of users. However I can still log onto the database in the CLP and select from the table.

    Here are the steps I used in the CLP

    1.. I connect to the database with the user who created the tables.

    2.. revoke all on pr_employee from group testusr

    3.. DB2 says sql completed sucessfully

    4.. I disconnect from the database

    5.. I connect to the database with a user in the testusr group

    6.. select count(*) from pr_employee

    7.. DB2 returns a record count.

    Even worse, I can connect to the database using ODBC via MS Access and view the records with the same test user.

    I've confirmed that the group's rights have been revoked because they no longer appear in syscat.tabauth

    What do I check next?

    Edit to provide more info:

    DB2 7.1 on W2K server -- not sure what the FP level is.

    sati

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •