Hi folks,
Who knows how to retrieve the owner of SQL objects, such as SCHEMA,
TABLE etc.? Is GRANTOR within catalog view owner?
Thanks,
Laurence
7  18250 
Laurence wrote:
Hi folks,
Who knows how to retrieve the owner of SQL objects, such as SCHEMA,
TABLE etc.? Is GRANTOR within catalog view owner?
Technically, there is no such thing as an "owner". You have users that have
CONTROL privilege on objects and, thus, can modify the object, for example
drop it.
Additionally, you could have a look at the DEFINER column in the respective
catalog view. But being a definer does not imply to be the owner. It does
not even imply that the definer has any privileges to the object in
question.
--
Knut Stolze
DB2 z/OS Utilities Development
IBM Germany
Thank you for the reply.
On page 227 in the book "Administration Guide: Implementation" stated
-"When a new database is created, PUBLIC is given IMPLICIT_SCHEMA
database authority. With this authority, any user can create a schema
by creating an object and specifying a schema name that does not
already exist. SYSIBM becomes the owner of the implicitly created
schema and PUBLIC is given the privilege to create objects in this
schema."
And in the middle of that page stated -"Any user with DBADM authority
can explicitly create any schema which does not already exist, and can
optionally specify another user as the owner of the schema."
In addition, I did the following tests:
1. Log-in as db2user1, and create table t1 (col1 int, col2 char(8)).
DB2 will create the schema named DB2USR1 implicitly. I cannot drop the
schema DB2USER1 after drop table t1, even though I granted the
CREATEIN/ALTERIN/DROPIN privileges. (SYSIBM should be an owner of
schema DB2USER1)
2. Log-in as db2user1, and create schema DB2USER1 explicitly. This
time, I can drop schema DB2USER1. (DB2USER1 should be an owner of
schema DB2USER1)
Is it because of "owner", so test 1 cannot drop schema DB2USER1? If it
is true, how can I find the right owner of schema? Because I cannot
find the owner-like column in the catalog views.
Laurence
Laurence wrote:
Thank you for the reply.
On page 227 in the book "Administration Guide: Implementation" stated
-"When a new database is created, PUBLIC is given IMPLICIT_SCHEMA
database authority. With this authority, any user can create a schema
by creating an object and specifying a schema name that does not
already exist. SYSIBM becomes the owner of the implicitly created
schema and PUBLIC is given the privilege to create objects in this
schema."
And in the middle of that page stated -"Any user with DBADM authority
can explicitly create any schema which does not already exist, and can
optionally specify another user as the owner of the schema."
Ok, schemas have owners. They are the exception.
In addition, I did the following tests:
1. Log-in as db2user1, and create table t1 (col1 int, col2 char(8)).
DB2 will create the schema named DB2USR1 implicitly. I cannot drop the
schema DB2USER1 after drop table t1, even though I granted the
CREATEIN/ALTERIN/DROPIN privileges. (SYSIBM should be an owner of
schema DB2USER1)
SYSIBM _is_ the owner of schema DB2USER1. So only SYSIBM (or a DBADM) can
drop this schema. http://publib.boulder.ibm.com/infoce...n/r0000945.htm
2. Log-in as db2user1, and create schema DB2USER1 explicitly. This
time, I can drop schema DB2USER1. (DB2USER1 should be an owner of
schema DB2USER1)
Is it because of "owner", so test 1 cannot drop schema DB2USER1? If it
is true, how can I find the right owner of schema? Because I cannot
find the owner-like column in the catalog views.
As usual, all such things are listed in the DB2 catalog views. So you
simply query the view:
SELECT owner
FROM syscat.schemata
WHERE schemaname = ...
--
Knut Stolze
DB2 z/OS Utilities Development
IBM Germany
Thanks for the reply.
By the way, users/groups/PUBLIC need have CREATEIN privilege on the
specific schema so that user can create SQL objects (like table) within
that specific schema. BUT, why user can drop SQL objects within the
specific schema when DROPIN privilege doesn't grant to
users/groups/PUBLIC for that specific schema?
Laurence
Thanks for the reply.
By the way, users/groups/PUBLIC need have CREATEIN privilege on the
specific schema so that user can create table within that specific
schema. BUT, why user can drop table within the specific schema when
DROPIN privilege doesn't grant to users/groups/PUBLIC for that specific
schema?
Is it because of the creator automatically have the CONTROL privilege
on that table? If it's true, when/what will need to check DROPIN
privilege for schema?
Laurence
Laurence wrote:
Thanks for the reply.
By the way, users/groups/PUBLIC need have CREATEIN privilege on the
specific schema so that user can create SQL objects (like table) within
that specific schema. BUT, why user can drop SQL objects within the
specific schema when DROPIN privilege doesn't grant to
users/groups/PUBLIC for that specific schema?
A user can have the required pivilege on the specific object without
having the privilege for all objects in the schema.
Since on CREATE the specific object doesn't yet exist the schema level
privilege is all there is.
So the design makes sense. (at least to me :-)
Cheers
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
If you have CREATEIN on the schema and CREATETAB on the db, you can create
an object in that schema. You are now the owner and have control of the
object which means you can drop it without having the DROPIN prvilege.
DROPIN would apply to objects that your AUTHID does not CONTROL.
HTH, Pierre.
--
Pierre Saint-Jacques
SES Consultants Inc.
514-737-4515
"Laurence" <wo**********@gmail.coma écrit dans le message de news: 11*********************@a75g2000cwd.googlegroups.c om...
Thanks for the reply.
By the way, users/groups/PUBLIC need have CREATEIN privilege on the
specific schema so that user can create SQL objects (like table) within
that specific schema. BUT, why user can drop SQL objects within the
specific schema when DROPIN privilege doesn't grant to
users/groups/PUBLIC for that specific schema?
Laurence
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Brian |
last post by:
Hi all,
I have two objects, A, which has-a B. At the same time, B is related
enough to A, that it needs to call methods from A... I can only think
of how to do this with the following method. ...
|
by: ritagoldman101 |
last post by:
Pls help - how to find Domain owner
For most people this may be an easy question...but not for me.
How can I find out who the owner of a domain is so I can write to her /
him and ask if she /...
|
by: Sharon |
last post by:
I’m writing a class that need to know the type or name of the class which
created me.
It can be done if the owner will pass his this, but I would like to do it
without the owner intervention....
|
by: John Regan |
last post by:
Hello All
I am trying to find the owner of a file or folder on our network (Windows
2000 Server) using VB.Net and/or API. so I can search for Folders that don't
follow our company's specified...
|
by: Mike Mascari |
last post by:
While migrating to 7.4, which performs quite nicely btw, I must have
performed some sequence of the migration incorrectly. Now, when I use
pg_dump on a database for backup, I get:
pg_dump:...
|
by: ArijitChaterjee |
last post by:
I have a MS SQL Server Database which consists of several Tables, amongh some has owner as "dbo" and some has another owner like "xyz".
Is there any T-SQL that can change the owner of the tables to...
|
by: Teresa Masino |
last post by:
I'm probably forgetting something basic, but right now I'm stumped.
We are moving a database to a new server. bcp'd out the login
accounts and bcp'd them into the new server. Restored the...
|
by: aj |
last post by:
SQL Server 2005 SP2
What is the significance of the owner of a database being sa as
opposed to some administrative (or non-administrative) local login?
Should I favor one over the other?
...
|
by: SimeonD |
last post by:
Hi
Is there a way I can fnd the Owner of a folder, using vb.net? I know how to
find the permissions, but I can't figure how to find the owner.
Thanks
SimeonD
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
