473,738 Members | 2,009 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

restrict creating table in other existing schema

Suppose I am an admin of a database instance. Now
I need to specify that user A has the right to create tables
in his own schema, but not anywhere else.

In order to let user A create tables, i grant createtab to that user.
However, that would enable the user to create tables in other schemas
as well (except those sys schema).

Any way to restrict the users from creating objects in other schema
than their own?

thanks

Apr 15 '07 #1
3 4392
As DBADM or SYSADMIN, make sure that you have issued:
CONNECT TO <dbname>
REVOKE IMPLICIT_SCHEMA on DATABASE FROM PUBLIC
CREATE SCHEMA <schnameAUTHORI SATION userid
GRANT CREATETAB on DATABASE to userid
CONNECT RESET
This will give userid the ability to createin,alteri n,dropin but only in the
<schname>. It will "own" the schema.

HTH, Pierre.

--
Pierre Saint-Jacques
SES Consultants Inc.
514-737-4515
"%NAME%" <hu*********@gm ail.coma écrit dans le message de news:
11************* *********@n76g2 00...legr oups.com...
Suppose I am an admin of a database instance. Now
I need to specify that user A has the right to create tables
in his own schema, but not anywhere else.

In order to let user A create tables, i grant createtab to that user.
However, that would enable the user to create tables in other schemas
as well (except those sys schema).

Any way to restrict the users from creating objects in other schema
than their own?

thanks
Apr 15 '07 #2
I tried this. Somehow, the user is still able to perform the
following:
>db2 -t
connect to db user userid;
(enter password for that user)
>set schema otherid;
create table test (t char(5));
insert into test values ('sdfs');
"list tables" under that user shows zero tables, but the user is able
to "select * from otherid.test". syscat.tables also shows there is
such table. The following is what I got from "get authorizations"

Administrative Authorizations for Current User

Direct SYSADM authority = NO
Direct SYSCTRL authority = NO
Direct SYSMAINT authority = NO
Direct DBADM authority = NO
Direct CREATETAB authority = YES
Direct BINDADD authority = NO
Direct CONNECT authority = YES
Direct CREATE_NOT_FENC authority = NO
Direct IMPLICIT_SCHEMA authority = NO
Direct LOAD authority = NO

Indirect SYSADM authority = NO
Indirect SYSCTRL authority = NO
Indirect SYSMAINT authority = NO
Indirect DBADM authority = NO
Indirect CREATETAB authority = NO
Indirect BINDADD authority = NO
Indirect CONNECT authority = NO
Indirect CREATE_NOT_FENC authority = NO
Indirect IMPLICIT_SCHEMA authority = NO
Indirect LOAD authority = NO

I am really puzzled why this userid is still able to create table in
other
schema.


On Apr 15, 3:58 pm, "Pierre Saint-Jacques" <sesc...@invali d.net>
wrote:
As DBADM or SYSADMIN, make sure that you have issued:
CONNECT TO <dbname>
REVOKE IMPLICIT_SCHEMA on DATABASE FROM PUBLIC
CREATE SCHEMA <schnameAUTHORI SATION userid
GRANT CREATETAB on DATABASE to userid
CONNECT RESET
This will give userid the ability to createin,alteri n,dropin but only in the
<schname>. It will "own" the schema.

Apr 15 '07 #3
List tables for a userid does a list of table that are "owned" by that id.
The id userid and the schema is otherid. The table name is otherid.test and
will not show in the list.
If you have done the revoke for implicit_schema , are you sure that userid is
not a member of a group that would have that privilege. Your list of
authorizations show if it was not given the explicit privilege nor did it
acquire it implicitly from being part of public (you revoked from public).
What this list will never show is if this userid acquires the
implicit_schema privilege from being a member of a group.

You can track every step of your small script by turning on the DB2AUDIT
facility and look at its output.
This will tell you step by step who did what when and to what and the reason
the command succeeded or failed.

Regards, Pierre.

--
Pierre Saint-Jacques
SES Consultants Inc.
514-737-4515
"%NAME%" <hu*********@gm ail.coma écrit dans le message de news:
11************* *********@w1g20 00...legro ups.com...
>I tried this. Somehow, the user is still able to perform the
following:
>>db2 -t
connect to db user userid;
(enter password for that user)
>>set schema otherid;
create table test (t char(5));
insert into test values ('sdfs');

"list tables" under that user shows zero tables, but the user is able
to "select * from otherid.test". syscat.tables also shows there is
such table. The following is what I got from "get authorizations"

Administrative Authorizations for Current User

Direct SYSADM authority = NO
Direct SYSCTRL authority = NO
Direct SYSMAINT authority = NO
Direct DBADM authority = NO
Direct CREATETAB authority = YES
Direct BINDADD authority = NO
Direct CONNECT authority = YES
Direct CREATE_NOT_FENC authority = NO
Direct IMPLICIT_SCHEMA authority = NO
Direct LOAD authority = NO

Indirect SYSADM authority = NO
Indirect SYSCTRL authority = NO
Indirect SYSMAINT authority = NO
Indirect DBADM authority = NO
Indirect CREATETAB authority = NO
Indirect BINDADD authority = NO
Indirect CONNECT authority = NO
Indirect CREATE_NOT_FENC authority = NO
Indirect IMPLICIT_SCHEMA authority = NO
Indirect LOAD authority = NO

I am really puzzled why this userid is still able to create table in
other
schema.


On Apr 15, 3:58 pm, "Pierre Saint-Jacques" <sesc...@invali d.net>
wrote:
>As DBADM or SYSADMIN, make sure that you have issued:
CONNECT TO <dbname>
REVOKE IMPLICIT_SCHEMA on DATABASE FROM PUBLIC
CREATE SCHEMA <schnameAUTHORI SATION userid
GRANT CREATETAB on DATABASE to userid
CONNECT RESET
This will give userid the ability to createin,alteri n,dropin but only in
the
<schname>. It will "own" the schema.

Apr 19 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
6871
Creating a database is slow on Windows XP
by: Dim St Thomas | last post by:
I am a developer working on a database client program. I am testing this program on a Windows XP machine (1.5 GHz AMD chip, 480 Mb RAM, 60 Gb disk) This machine has Oracle 9.2.0.1.0 and RedBrick database software installed. I am testing the software by creating small test databases. If I create an Oracle database using the Database Configuration Assistant, it takes forever just to create the database. If I choose to create a new database...
Oracle Database
3
2784
Installing, creating database, updating schema?
by: Robin Tucker | last post by:
Hi there, I have a database on my test machine that will need to be installed on users machines. I would like to create the database with the given schema on the users machine and also with some suitable default values in the tables. I note that although I can script the schema so that re-creating the structure of the database is simple on the users machine, I cannot script the contents of the tables also (automatically). What I would...
Microsoft SQL Server
1
1582
Can I restrict both attribute contents and element contents in schema
by: Don Adams | last post by:
I would like to have the following XML: <phone type="work">555-123-1234</phone> <phone type="home">555-123-4321</phone> Is it possible to write a schema to restrict the contents of the type attribute to be enumerated ("work" or "home") AND restrict the contents of the <phone> element to match the pattern \d\d\d-\d\d\d-\d\d\d\d ? I know how to do one or the other, but I haven't figured out a way
.NET Framework
1
2213
xml schema, restrict value of the element by name of the element?
by: Maksim | last post by:
Trying to find out a way how to restrict value of the element by name of an element, it might be not even possible, but anyhow. Let's consider following snippet: <xs:element name="tag1" type="xs:string" /> <xs:element name="tag2" type="xs:string" /> <xs:element name="tag3" type="xs:string" /> .....
.NET Framework
3
3726
Regarding Delete Restrict
by: razheev | last post by:
Hi, I am doing a purge process and trying to delete rows .Let me know how efficiently I can handle the purge process because of the RI on the tables. TABLE A is a PARENT of TABLE B, TABLE C, TABLE D. I want to purge rows from all the tables TABLE A (Parent), TABLE B (Child), TABLE C (Child) and TABLE D (Child). All these tables have DELETE RESTRICT . I dont want to have the orphans in the table. I dont want to have the child row...
DB2 Database
21
2711
Help with corrupt table
by: Dan | last post by:
Hi, just ran into my first instance of a backend Access97 database not compacting. I'm getting the "MSACCESS.EXE has generated errors.." message on compact. I've narrowed it down to the largest table which cotains 600k of records. I've tried copying the database and trying to compact that -doesn't work. I've tried Repair and then compact which also doesn't work. I've tried to create a new database and import the tables but it flakes out...
Microsoft Access / VBA
3
8092
SQL Bulk load - creating Schema file
by: Kiran | last post by:
Hi, I want to back up my data in some table in SQL server and import it back using Bulk Load of SQL server 2K. I can use the following code to backup the data in XML dataset.WriteXml(@"C:\Data.xml"); dataset.WriteXmlSchema(@"C:\Schema1.xml");
C# / C Sharp
1
6394
Creating schema copy
by: Mariusz Czu³ada | last post by:
Hi, In a database I have to create new schemas with exactely the same structure as the default one. Of course, I could reverse a schema with pg_dump, then apply the script to the newly created one. The problem is the base schema sometimes changes so I should generate scripts every time. Also I need to do this from a stored function. My question: is it possible to extend (in near future) CREATE SCHEMA syntax with feature like:
PostgreSQL Database
1
2595
How to Restrict Attribute value in XML using XML Schema
by: john20 | last post by:
Hi All, I have an XMl structure and i am creating XML Schema document for validating xml document. What i want that for a particular element it should not allow same attribute name. for example below is the XML structure : <News> <Regional> <Report Region="Asia">
XML
0
8968
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9473
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
9334
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
9259
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9208
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
6750
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6053
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4569
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
1
3279
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us