indirect CREATETAB authority 
Author Message
 indirect CREATETAB authority
DB2 UDB 6.1 in UNIX automatically granted all users to create table
indirectly.
I want to revoke this  Indirect CREATETAB authority for a specific user.
I had already searched the DB2 documents but to no avail.  So, how can I
revoke
this indirect privilege. Any ideas?


Tue, 13 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority

From the SQL reference on the REVOKE statement

Connect to the database
issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

If you wish to revoke from the general population:

issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC

Quote:

> DB2 UDB 6.1 in UNIX automatically granted all users to create table
> indirectly.
> I want to revoke this  Indirect CREATETAB authority for a specific user.
> I had already searched the DB2 documents but to no avail.  So, how can I
> revoke
> this indirect privilege. Any ideas?

--

Bob Harbus
DB2 UDB Data Management Consulting Services - IBM Toronto
IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration for
UNIX, Windows and OS/2
IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows and
OS/2
IBM Certified Solutions Expert - Business Intelligence



Tue, 13 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority
this command only revoked the CREATETAB privilege the DBADM or the SYSADM
granted.
The indirect CREATETAB which DB2 given automatically to user is the one that
I want to revoke.
If you issue command 'GET AUTHORIZATIONS' it will show you the indirect
privileges of a user associated with a group.
The documentation says
"Direct authorities are acquired by explicit commands that grant the
authorities to a user ID. Indirect authorities are based on authorities
acquired by the groups to which a user belongs"
(see this on GET AUTHORIZATIONS command reference)

I already did a revoke command for the group which the specified user
belongs and DB2 tells me that the group does not hold the privilege. Below
are the commands I had used and their corresponding messages.

REVOKE CREATETAB ON DATABASE from group db2user

DB21034E  The command was processed as an SQL statement because it was not a
valid Command Line Processor command.  During SQL processing it returned:
SQL0556N  An attempt to revoke a privilege from "DB2USER" was denied because
"DB2USER" does not hold this privilege.  SQLSTATE=42504

GET AUTHORIZATIONS

 Administrative Authorizations for Current User

 Direct SYSADM authority              = NO
 Direct SYSCTRL authority             = NO
 Direct SYSMAINT authority            = NO
 Direct DBADM authority               = NO
 Direct CREATETAB authority           = NO
 Direct BINDADD authority             = NO
 Direct CONNECT authority             = NO
 Direct CREATE_NOT_FENC authority     = NO
 Direct IMPLICIT_SCHEMA authority     = NO

 Indirect SYSADM authority            = NO
 Indirect SYSCTRL authority           = NO
 Indirect SYSMAINT authority          = NO
 Indirect DBADM authority             = NO
 Indirect CREATETAB authority         = YES
 Indirect BINDADD authority           = YES
 Indirect CONNECT authority           = YES
 Indirect CREATE_NOT_FENC authority   = NO
 Indirect IMPLICIT_SCHEMA authority   = YES

Anybody having this scenario? Please tell me.

SuperPedro


Quote:
> From the SQL reference on the REVOKE statement

> Connect to the database
> issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

> If you wish to revoke from the general population:

> issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC


> > DB2 UDB 6.1 in UNIX automatically granted all users to create table
> > indirectly.
> > I want to revoke this  Indirect CREATETAB authority for a specific user.
> > I had already searched the DB2 documents but to no avail.  So, how can I
> > revoke
> > this indirect privilege. Any ideas?

> --

> Bob Harbus
> DB2 UDB Data Management Consulting Services - IBM Toronto
> IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration for
> UNIX, Windows and OS/2
> IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows
and
> OS/2
> IBM Certified Solutions Expert - Business Intelligence




Fri, 16 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority
Good day folks!

Any update on this? Is this a DB2 bug? or I just don't know what to do. Your
help is greatly appreciated.


Quote:
> this command only revoked the CREATETAB privilege the DBADM or the SYSADM
> granted.
> The indirect CREATETAB which DB2 given automatically to user is the one
that
> I want to revoke.
> If you issue command 'GET AUTHORIZATIONS' it will show you the indirect
> privileges of a user associated with a group.
> The documentation says
> "Direct authorities are acquired by explicit commands that grant the
> authorities to a user ID. Indirect authorities are based on authorities
> acquired by the groups to which a user belongs"
> (see this on GET AUTHORIZATIONS command reference)

> I already did a revoke command for the group which the specified user
> belongs and DB2 tells me that the group does not hold the privilege. Below
> are the commands I had used and their corresponding messages.

> REVOKE CREATETAB ON DATABASE from group db2user

> DB21034E  The command was processed as an SQL statement because it was not
a
> valid Command Line Processor command.  During SQL processing it returned:
> SQL0556N  An attempt to revoke a privilege from "DB2USER" was denied
because
> "DB2USER" does not hold this privilege.  SQLSTATE=42504

> GET AUTHORIZATIONS

>  Administrative Authorizations for Current User

>  Direct SYSADM authority              = NO
>  Direct SYSCTRL authority             = NO
>  Direct SYSMAINT authority            = NO
>  Direct DBADM authority               = NO
>  Direct CREATETAB authority           = NO
>  Direct BINDADD authority             = NO
>  Direct CONNECT authority             = NO
>  Direct CREATE_NOT_FENC authority     = NO
>  Direct IMPLICIT_SCHEMA authority     = NO

>  Indirect SYSADM authority            = NO
>  Indirect SYSCTRL authority           = NO
>  Indirect SYSMAINT authority          = NO
>  Indirect DBADM authority             = NO
>  Indirect CREATETAB authority         = YES
>  Indirect BINDADD authority           = YES
>  Indirect CONNECT authority           = YES
>  Indirect CREATE_NOT_FENC authority   = NO
>  Indirect IMPLICIT_SCHEMA authority   = YES

> Anybody having this scenario? Please tell me.

> SuperPedro



> > From the SQL reference on the REVOKE statement

> > Connect to the database
> > issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

> > If you wish to revoke from the general population:

> > issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC


> > > DB2 UDB 6.1 in UNIX automatically granted all users to create table
> > > indirectly.
> > > I want to revoke this  Indirect CREATETAB authority for a specific
user.
> > > I had already searched the DB2 documents but to no avail.  So, how can
I
> > > revoke
> > > this indirect privilege. Any ideas?

> > --

> > Bob Harbus
> > DB2 UDB Data Management Consulting Services - IBM Toronto
> > IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration
for
> > UNIX, Windows and OS/2
> > IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows
> and
> > OS/2
> > IBM Certified Solutions Expert - Business Intelligence




Sun, 18 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority
Good day folks!

Any update on this? Is this a bug in DB2 or I just don't know what to do.


Quote:
> this command only revoked the CREATETAB privilege the DBADM or the SYSADM
> granted.
> The indirect CREATETAB which DB2 given automatically to user is the one
that
> I want to revoke.
> If you issue command 'GET AUTHORIZATIONS' it will show you the indirect
> privileges of a user associated with a group.
> The documentation says
> "Direct authorities are acquired by explicit commands that grant the
> authorities to a user ID. Indirect authorities are based on authorities
> acquired by the groups to which a user belongs"
> (see this on GET AUTHORIZATIONS command reference)

> I already did a revoke command for the group which the specified user
> belongs and DB2 tells me that the group does not hold the privilege. Below
> are the commands I had used and their corresponding messages.

> REVOKE CREATETAB ON DATABASE from group db2user

> DB21034E  The command was processed as an SQL statement because it was not
a
> valid Command Line Processor command.  During SQL processing it returned:
> SQL0556N  An attempt to revoke a privilege from "DB2USER" was denied
because
> "DB2USER" does not hold this privilege.  SQLSTATE=42504

> GET AUTHORIZATIONS

>  Administrative Authorizations for Current User

>  Direct SYSADM authority              = NO
>  Direct SYSCTRL authority             = NO
>  Direct SYSMAINT authority            = NO
>  Direct DBADM authority               = NO
>  Direct CREATETAB authority           = NO
>  Direct BINDADD authority             = NO
>  Direct CONNECT authority             = NO
>  Direct CREATE_NOT_FENC authority     = NO
>  Direct IMPLICIT_SCHEMA authority     = NO

>  Indirect SYSADM authority            = NO
>  Indirect SYSCTRL authority           = NO
>  Indirect SYSMAINT authority          = NO
>  Indirect DBADM authority             = NO
>  Indirect CREATETAB authority         = YES
>  Indirect BINDADD authority           = YES
>  Indirect CONNECT authority           = YES
>  Indirect CREATE_NOT_FENC authority   = NO
>  Indirect IMPLICIT_SCHEMA authority   = YES

> Anybody having this scenario? Please tell me.

> SuperPedro



> > From the SQL reference on the REVOKE statement

> > Connect to the database
> > issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

> > If you wish to revoke from the general population:

> > issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC


> > > DB2 UDB 6.1 in UNIX automatically granted all users to create table
> > > indirectly.
> > > I want to revoke this  Indirect CREATETAB authority for a specific
user.
> > > I had already searched the DB2 documents but to no avail.  So, how can
I
> > > revoke
> > > this indirect privilege. Any ideas?

> > --

> > Bob Harbus
> > DB2 UDB Data Management Consulting Services - IBM Toronto
> > IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration
for
> > UNIX, Windows and OS/2
> > IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows
> and
> > OS/2
> > IBM Certified Solutions Expert - Business Intelligence




Sun, 18 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority
By default when a database is created, implicit privileges are given to a
special DB2 group called PUBLIC. These privileges include:

CREATETAB
BINDADD
CONNECT
IMPLICIT_SCHEMA

If you want to remove the ability for any user (since all users are part of
PUBLIC) to be able to create a table in the database unless you explicitly grant
them this privilege, you must

REVOKE CREATETAB ON DATABASE FROM PUBLIC

as indicated in my original posting

Quote:

> Good day folks!

> Any update on this? Is this a DB2 bug? or I just don't know what to do. Your
> help is greatly appreciated.



> > this command only revoked the CREATETAB privilege the DBADM or the SYSADM
> > granted.
> > The indirect CREATETAB which DB2 given automatically to user is the one
> that
> > I want to revoke.
> > If you issue command 'GET AUTHORIZATIONS' it will show you the indirect
> > privileges of a user associated with a group.
> > The documentation says
> > "Direct authorities are acquired by explicit commands that grant the
> > authorities to a user ID. Indirect authorities are based on authorities
> > acquired by the groups to which a user belongs"
> > (see this on GET AUTHORIZATIONS command reference)

> > I already did a revoke command for the group which the specified user
> > belongs and DB2 tells me that the group does not hold the privilege. Below
> > are the commands I had used and their corresponding messages.

> > REVOKE CREATETAB ON DATABASE from group db2user

> > DB21034E  The command was processed as an SQL statement because it was not
> a
> > valid Command Line Processor command.  During SQL processing it returned:
> > SQL0556N  An attempt to revoke a privilege from "DB2USER" was denied
> because
> > "DB2USER" does not hold this privilege.  SQLSTATE=42504

> > GET AUTHORIZATIONS

> >  Administrative Authorizations for Current User

> >  Direct SYSADM authority              = NO
> >  Direct SYSCTRL authority             = NO
> >  Direct SYSMAINT authority            = NO
> >  Direct DBADM authority               = NO
> >  Direct CREATETAB authority           = NO
> >  Direct BINDADD authority             = NO
> >  Direct CONNECT authority             = NO
> >  Direct CREATE_NOT_FENC authority     = NO
> >  Direct IMPLICIT_SCHEMA authority     = NO

> >  Indirect SYSADM authority            = NO
> >  Indirect SYSCTRL authority           = NO
> >  Indirect SYSMAINT authority          = NO
> >  Indirect DBADM authority             = NO
> >  Indirect CREATETAB authority         = YES
> >  Indirect BINDADD authority           = YES
> >  Indirect CONNECT authority           = YES
> >  Indirect CREATE_NOT_FENC authority   = NO
> >  Indirect IMPLICIT_SCHEMA authority   = YES

> > Anybody having this scenario? Please tell me.

> > SuperPedro



> > > From the SQL reference on the REVOKE statement

> > > Connect to the database
> > > issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

> > > If you wish to revoke from the general population:

> > > issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC


> > > > DB2 UDB 6.1 in UNIX automatically granted all users to create table
> > > > indirectly.
> > > > I want to revoke this  Indirect CREATETAB authority for a specific
> user.
> > > > I had already searched the DB2 documents but to no avail.  So, how can
> I
> > > > revoke
> > > > this indirect privilege. Any ideas?

--

Bob Harbus
DB2 UDB Data Management Consulting Services - IBM Toronto
IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration for UNIX,
Windows and OS/2
IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows and
OS/2
IBM Certified Solutions Expert - Business Intelligence



Mon, 19 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority
Thanks Bob, I guess I misinterpreted you original posting and not reading it
properly.


Quote:
> From the SQL reference on the REVOKE statement

> Connect to the database
> issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

> If you wish to revoke from the general population:

> issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC


> > DB2 UDB 6.1 in UNIX automatically granted all users to create table
> > indirectly.
> > I want to revoke this  Indirect CREATETAB authority for a specific user.
> > I had already searched the DB2 documents but to no avail.  So, how can I
> > revoke
> > this indirect privilege. Any ideas?

> --

> Bob Harbus
> DB2 UDB Data Management Consulting Services - IBM Toronto
> IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration for
> UNIX, Windows and OS/2
> IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows
and
> OS/2
> IBM Certified Solutions Expert - Business Intelligence




Mon, 19 Aug 2002 03:00:00 GMT
 indirect CREATETAB authority
Thanks Bob, I guess I misinterpreted you original posting and not reading it
properly.


Quote:
> From the SQL reference on the REVOKE statement

> Connect to the database
> issue: REVOKE CREATETAB ON DATABASE FROM USER <user name>

> If you wish to revoke from the general population:

> issue: REVOKE CREATETAB ON DATABASE FROM PUBLIC


> > DB2 UDB 6.1 in UNIX automatically granted all users to create table
> > indirectly.
> > I want to revoke this  Indirect CREATETAB authority for a specific user.
> > I had already searched the DB2 documents but to no avail.  So, how can I
> > revoke
> > this indirect privilege. Any ideas?

> --

> Bob Harbus
> DB2 UDB Data Management Consulting Services - IBM Toronto
> IBM Certified Solutions Expert - DB2 UDB V6.1 Database Administration for
> UNIX, Windows and OS/2
> IBM Certified Advanced Technical Expert - DB2 UDB V6.1 for UNIX, Windows
and
> OS/2
> IBM Certified Solutions Expert - Business Intelligence




Mon, 19 Aug 2002 03:00:00 GMT
 
 [ 8 post ] 

 Relevant Pages 

1. DB2 Permissions - createtab in schema

2. Indirect Synch

3. SQL Server 7.0 Indirect synchronization

4. Indirect reference of columns by using variables (Newbi)

5. Indirect referencing of a column in a view

6. Indirect trigger recursion

7. Indirect references in SQL?

8. Indirect Replication

9. Indirect Replication

10. Indirect DAO synchro ?

11. Problem with Indirect loading of forms.


 
Powered by phpBB® Forum Software