Any way to stop programmers from creating views? 
Author Message
 Any way to stop programmers from creating views?

Sorry if this is a faq, I have a programmer that
is running amuck creating views, particularly ones
on our development system pointing at tables on our
production system, which is verboden.  Personnel and
political issues aside, is there any way to stop him?

-- todd --



Fri, 04 Jun 2004 23:14:10 GMT
 Any way to stop programmers from creating views?

Cut their hands off ????

Revoke everything but connect from them?
Create a list of 'permitted' views and regularly drop all views that
are not in that list.

Quote:

> Sorry if this is a faq, I have a programmer that
> is running amuck creating views, particularly ones
> on our development system pointing at tables on our
> production system, which is verboden.  Personnel and
> political issues aside, is there any way to stop him?

> -- todd --

--
Paul Watson             #          
Oninit Ltd              # Growing old is mandatory
Tel: +44 1436 672201    # Growing up is optional
Fax: +44 1436 678693    #
www.oninit.com          #


Sat, 05 Jun 2004 00:33:12 GMT
 Any way to stop programmers from creating views?
Revoke resource permission from him?

If you set him as a DBA, revoke that too :-)



Quote:

> Sorry if this is a faq, I have a programmer that
> is running amuck creating views, particularly ones
> on our development system pointing at tables on our
> production system, which is verboden.  Personnel and
> political issues aside, is there any way to stop him?

> -- todd --



Sat, 05 Jun 2004 05:19:03 GMT
 Any way to stop programmers from creating views?
Quote:

>Sorry if this is a faq, I have a programmer that
>is running amuck creating views, particularly ones
>on our development system pointing at tables on our
>production system, which is verboden.  Personnel and
>political issues aside, is there any way to stop him?

Anyone who can't work within the rules of their organisation's IT policy
should be looking for a job at McDonalds until they learn to smile and do
exactly what the boss tells them to do. Make it clear to this clown (no
offence, obbie) that if they don't pull their head in it will be cut off.
Threatening the integrity of the production database is a capital offence.
--
Space Corps Directive #997
Work done by an officer's doppleganger in a parallel
universe cannot be claimed as overtime.
    -- Red Dwarf


Sat, 05 Jun 2004 07:27:59 GMT
 Any way to stop programmers from creating views?

Alas, he has nothing more than connect.

Quote:

>  X-Track: 1: 40

>  Date: Mon, 17 Dec 2001 21:19:03 GMT

>  X-List-Gateway: comp.databases.informix

>  Revoke resource permission from him?

>  If you set him as a DBA, revoke that too :-)



>  > Sorry if this is a faq, I have a programmer that
>  > is running amuck creating views, particularly ones
>  > on our development system pointing at tables on our
>  > production system, which is verboden.  Personnel and
>  > political issues aside, is there any way to stop him?

>  > -- todd --



Sat, 05 Jun 2004 23:07:41 GMT
 Any way to stop programmers from creating views?

You haven't perhaps created the user "public" with resource or dba rights ?

Quote:
-----Original Message-----

Sent: 18 December 2001 17:08


Subject: Re: Any way to stop programmers from creating views?

Alas, he has nothing more than connect.


> Dec 2001 13:57:51 -0800 (PST)
>  X-Track: 1: 40

>  Date: Mon, 17 Dec 2001 21:19:03 GMT

>  X-List-Gateway: comp.databases.informix

>  Revoke resource permission from him?

>  If you set him as a DBA, revoke that too :-)



>  > Sorry if this is a faq, I have a programmer that
>  > is running amuck creating views, particularly ones
>  > on our development system pointing at tables on our
>  > production system, which is verboden.  Personnel and
>  > political issues aside, is there any way to stop him?

>  > -- todd --



Sat, 05 Jun 2004 23:23:14 GMT
 Any way to stop programmers from creating views?

Nope.  the only dba is informix....

Quote:

> You haven't perhaps created the user "public" with resource or dba rights ?

> -----Original Message-----

> Sent: 18 December 2001 17:08


> Subject: Re: Any way to stop programmers from creating views?

> Alas, he has nothing more than connect.


> > Dec 2001 13:57:51 -0800 (PST)
> >  X-Track: 1: 40

> >  Date: Mon, 17 Dec 2001 21:19:03 GMT

> >  X-List-Gateway: comp.databases.informix

> >  Revoke resource permission from him?

> >  If you set him as a DBA, revoke that too :-)



> >  > Sorry if this is a faq, I have a programmer that
> >  > is running amuck creating views, particularly ones
> >  > on our development system pointing at tables on our
> >  > production system, which is verboden.  Personnel and
> >  > political issues aside, is there any way to stop him?

> >  > -- todd --

--
---------------------------------------------------------------
   .~. Todd Roy, Senior Database Administrator .~.
   /V\    Holstein Association, U.S.A. Inc.    /V\

 /(   )\        1-802-254-4551x4230          /(   )\
  ^^-^^                                       ^^-^^
"They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety."
                -- Benjamin Franklin, 1759
---------------------------------------------------------------
**************************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

**************************************************************************************



Sat, 05 Jun 2004 23:27:22 GMT
 Any way to stop programmers from creating views?

If none of the points already covered hit the button then is it the
application code creating the views?

I have come across this situation where the application is running as
INFORMIX (or another privileged user) therefore having full (DBA/resource)
permissions. The user themselves could not create views through SQL but the
compiled application when run in the application environment could (both
test and production).

If this is the case at your site, the only way to stop this is to run the
application as a lower privileged user. BUT!!!!! You may find parts of the
application that need a privileged user as they create views (indexes etc.)
that are needed for the running of the App. Even if you get away from the
informix user you could still have the same problem.

Informix should ONLY be used to maintain the DB Instances and the DBMS
software/environment. IMO the informix user should not be the owner of any
application objects or it is difficult to impose your will, no sorry power,
no no, control of the user community. If your environment was/is used in
this way you can restrict the application user as well as SQL users. There
are arguments either way over allowing application code to create DB objects
but I'm not going there, as opinion could drive a wedge in this *friendly*
UG.

Hapy hunting with the comments from previous replies!!!!  ;-))

Regards
Geoff Roff
-.-- --- ..-  -.-. .- -.  - . .- -.-. ....  .- -.  --- .-.. -..  -.. --- --.
-. . .--  - .-. .. -.-. -.- ...
BBS IT Support - Senior DBA (Informix, Ingres, Oracle)
Telephone:      01603 69 5271
Fax:            01603 69 5717
Mobile:         0780 1180 687


<snip>
        Nope.  the only dba is informix....
<snip>

**********************************************************************************
This message may contain information which is confidential and subject to
legal privilege. If you are not the intended recipient, you may not peruse,
use, disseminate, distribute or copy this message. If you have received this
message in error, please notify the sender immediately by email, facsimile
or telephone and return and/or destroy all copies of the message.
This footnote also confirms that this email message has been swept for
the presence of computer viruses; however we cannot guarantee that this
message is free from such problems.
**********************************************************************************



Sun, 06 Jun 2004 17:51:28 GMT
 Any way to stop programmers from creating views?

According to the fine manual "Informix Guide to SQL: Syntax" some of the
privileges for grant connect are listed as: "create synonyms, create views,
provided the user has Select privilege on the underlying tables".  If I am
not missing something, that would indicate creating views is a default
privilege given if they only have select or connect permissions.  Is there
something I'm missing? That seems kind of scary to me if true.

Quote:
-----Original Message-----

Sent: Tuesday, December 18, 2001 9:27 AM


Subject: Re: Any way to stop programmers from creating views?

Nope.  the only dba is informix....


> You haven't perhaps created the user "public" with resource or dba rights
?

> -----Original Message-----

> Sent: 18 December 2001 17:08


> Subject: Re: Any way to stop programmers from creating views?

> Alas, he has nothing more than connect.


> > Dec 2001 13:57:51 -0800 (PST)
> >  X-Track: 1: 40

> >  Date: Mon, 17 Dec 2001 21:19:03 GMT

> >  X-List-Gateway: comp.databases.informix

> >  Revoke resource permission from him?

> >  If you set him as a DBA, revoke that too :-)



> >  > Sorry if this is a faq, I have a programmer that
> >  > is running amuck creating views, particularly ones
> >  > on our development system pointing at tables on our
> >  > production system, which is verboden.  Personnel and
> >  > political issues aside, is there any way to stop him?

> >  > -- todd --

--
---------------------------------------------------------------
   .~. Todd Roy, Senior Database Administrator .~.
   /V\    Holstein Association, U.S.A. Inc.    /V\

 /(   )\        1-802-254-4551x4230          /(   )\
  ^^-^^                                       ^^-^^
"They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety."
                -- Benjamin Franklin, 1759
---------------------------------------------------------------
****************************************************************************
**********
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

****************************************************************************
**********



Tue, 08 Jun 2004 00:34:31 GMT
 Any way to stop programmers from creating views?
Quote:

>According to the fine manual "Informix Guide to SQL: Syntax" some of the
>privileges for grant connect are listed as: "create synonyms, create views,
>provided the user has Select privilege on the underlying tables".  If I am
>not missing something, that would indicate creating views is a default
>privilege given if they only have select or connect permissions.  Is there
>something I'm missing? That seems kind of scary to me if true.

Well, it's not really scary. If someone has select permission on a table
then there's absolutely no difference in how they select from that table!
Why not select thru a view? What's the difference? The problem you seem to
be having is that they are using ANY method to play with production tables.
Therefore you need to block permissions for this idiot on the production
server. Make sure they don't have update, insert, delete perms on the
production table(s) and they can't do any damage.

Don't forget, if you *only* have select permission on a table, then despite
creating a view, you cannot magically achieve modification permissions
merely by creating a view, synonym or stored procedure.

--
Space Corps Directive #997
Work done by an officer's doppleganger in a parallel
universe cannot be claimed as overtime.
    -- Red Dwarf
..  ... .--. .. -  --- -.  --- .-. .- -.-. .-.. .



Tue, 08 Jun 2004 06:31:41 GMT
 
 [ 10 post ] 

 Relevant Pages 

1. Stop syncobj views from being created?

2. Creating a local view using CREATE SQL VIEW

3. Different SQL Server's Approaching View in different ways

4. are there ways to edit views by hand?

5. create indexs in Views Based on Views

6. MSSQL 6.5 View created with other Views

7. how to create view in data view by usong ODBC

8. create view on a v$ view

9. CREATE VIEW: Table or view does not exist (ORA-00942)

10. create view on v$ views........

11. Create views based on DBA_ views...


 
Powered by phpBB® Forum Software