Environment: DB2 Personal Edition V8 on Windows XP.
If I, as Sysadm, grant a privilege to user Fred WITH GRANT OPTION and then
Fred in turn grants it to Barney, shouldn't both Fred AND Barney lose the
privilege if I revoke it from Fred?
I did this while signed in as Sysadm:
grant select on xyz.department to fred with grant option
When Fred signed in via:
connect to sample user fred using fred
he was able to connect just fine. He was also able to do this:
grant select on xyz.department to barney
When Barney then signed in via:
connect to sample user barney using barney
he was able to read the table:
select * from xyz.department
So far so good, everything is working as expected. Then I signed in as
Sysadm and executed this:
revoke select on xyz.department from fred
As expected, when Fred signed in via:
connect to sample user fred using fred
he was able to connect just fine. However, he failed when he tried to do
this:
select * from xyz.department
Again, this is exactly as expected.
When Barney signed in via:
connect to sample user barney using barney
he connected just fine and had no trouble reading the table:
select * from xyz.department
This was a complete surprise to me! I had always understood that when I give
a privilege to one person with the grant option, and if they then passed the
privileges on to someone else, both the original grantee _and everyone he
had granted the privilege in turn_ would lose the privilege when I revoked
it from the original grantee. At least, that's how it always worked in DB2
on OS/390!!
Are the rules different in DB2 on Windows?? Or have I been wrong all along
in thinking that revokes of privileges granted With Grant Option also revoke
those privileges from everyone who received the privilege from the original
grantee?? Or have I found a bug in DB2 PE for Windows??
I would be very grateful for a clarification of what I am experiencing!
--
Rhino