Can't we already achieve this same functionality in previous versions of IDS? Leave out the word default and that is how roles already work - activated at the session level. So what is the improvement or change?
-----Original Message-----
From:
owner-informix-list@iiug.org
[mailto
wner-informix-list@iiug.org]On Behalf Of
david@smooth1.co.uk
Sent: Monday, July 04, 2005 4:38 PM
To:
informix-list@iiug.org
Subject: Re: IDS 10
The new default role in IDS 10 is applied to a user at connection time.
It is at the session level not the database level.
You need to "grant default role dave to <user>;"
I've just done this against IDS 10.00.TC1TL on Windows XP:-
In a dbaccess session as user djw;
create database djw;
database djw;
create table a ( b int);
revoke all on a from public;
grant connect to o2;
in a separate dbaccess session:-
Connection-> Connect -> select database server
input user name o2 and password
select database djw
select * from a
# ^
# 272: No SELECT permission.
#
In the first dbaccess session:-
create role dave;
grant select on a to dave;
grant default role dave to o2;
In the second dbaccess session
Connection-> Connect -> select database server
input user name o2 and password
select database djw
select * from a;
b
1
In first dbaccess session:-
revoke default role from o2
In second dbaccess session:-
select * from a;
b
1
NOTE: User has not reconnected so they retain select privilege since
their
sessions still has that role as it's current role. However reconnect
and:-
Connection-> Connect -> select database server
input user name o2 and password
select database djw
select * from a
# ^
# 272: No SELECT permission.
#
sending to informix-list