By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,611 Members | 1,693 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,611 IT Pros & Developers. It's quick & easy.

Security Question re DB2 V8

P: n/a
Environment: DB2 Personal Edition V8 on Windows XP.

If I, as Sysadm, grant a privilege to user Fred WITH GRANT OPTION and then
Fred in turn grants it to Barney, shouldn't both Fred AND Barney lose the
privilege if I revoke it from Fred?

I did this while signed in as Sysadm:
grant select on xyz.department to fred with grant option

When Fred signed in via:
connect to sample user fred using fred
he was able to connect just fine. He was also able to do this:
grant select on xyz.department to barney

When Barney then signed in via:
connect to sample user barney using barney
he was able to read the table:
select * from xyz.department

So far so good, everything is working as expected. Then I signed in as
Sysadm and executed this:
revoke select on xyz.department from fred

As expected, when Fred signed in via:
connect to sample user fred using fred
he was able to connect just fine. However, he failed when he tried to do
this:
select * from xyz.department

Again, this is exactly as expected.

When Barney signed in via:
connect to sample user barney using barney
he connected just fine and had no trouble reading the table:
select * from xyz.department

This was a complete surprise to me! I had always understood that when I give
a privilege to one person with the grant option, and if they then passed the
privileges on to someone else, both the original grantee _and everyone he
had granted the privilege in turn_ would lose the privilege when I revoked
it from the original grantee. At least, that's how it always worked in DB2
on OS/390!!

Are the rules different in DB2 on Windows?? Or have I been wrong all along
in thinking that revokes of privileges granted With Grant Option also revoke
those privileges from everyone who received the privilege from the original
grantee?? Or have I found a bug in DB2 PE for Windows??

I would be very grateful for a clarification of what I am experiencing!

--

Rhino
Dec 3 '07 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.