Campbell, John (GE Consumer Finance) wrote:
> Can't we already achieve this same functionality in previous versions
> of IDS? Leave out the word default and that is how roles already work -
> activated at the session level. So what is the improvement or change?
(a) Please avoid top-posting.
(b) No, you can't achieve this functionality in earlier versions of IDS.
In XPS you could, through the sysdbopen (spelling?) procedure.
(c) When you establish a connection to a database prior to v10.00, there
is no role active until something triggered by the application sets
a role.
(d) By contrast, if a default role is established in IDS 10.00, when the
user connects, that default role will be active until something the
application does changes the role.
> -----Original Message-----
> From: owner-informix-list@iiug.org
> [mailto:owner-informix-list@iiug.org] On Behalf Of david@smooth1.co.uk
> Sent: Monday, July 04, 2005 4:38 PM
> To: informix-list@iiug.org
> Subject: Re: IDS 10
>
>
>
> The new default role in IDS 10 is applied to a user at connection time.
> It is at the session level not the database level.
>
> You need to "grant default role dave to <user>;"
>
> I've just done this against IDS 10.00.TC1TL on Windows XP:-
>
>
> In a dbaccess session as user djw;
>
> create database djw;
> database djw;
> create table a ( b int);
> revoke all on a from public;
> grant connect to o2;
>
> in a separate dbaccess session:-
>
> Connection-> Connect -> select database server
> input user name o2 and password
> select database djw
>
> select * from a
> # ^
> # 272: No SELECT permission.
> #
>
> In the first dbaccess session:-
>
> create role dave;
> grant select on a to dave;
> grant default role dave to o2;
>
> In the second dbaccess session
>
> Connection-> Connect -> select database server
> input user name o2 and password
> select database djw
>
> select * from a;
>
> b
>
> 1
>
> In first dbaccess session:-
>
> revoke default role from o2
>
> In second dbaccess session:-
>
> select * from a;
>
>
> b
>
> 1
>
> NOTE: User has not reconnected so they retain select privilege since
> their session still has that role as its current role. However, reconnect
> and:-
>
> Connection-> Connect -> select database server
> input user name o2 and password
> select database djw
>
> select * from a
> # ^
> # 272: No SELECT permission.
> #
>
>
--
Jonathan Leffler #include <disclaimer.h>
Email: jleffler@earthlink.net, jleffler@us.ibm.com
Guardian of DBD::Informix v2005.01 -- http://dbi.perl.org/
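
An audit to go with the walkthrough quoted above, as an added example that is not part of either poster's message: it lists who receives a role at connect time, what that role can reach, and which sessions for a user are still open after REVOKE DEFAULT ROLE. The names djw and o2 come from the thread; the catalog columns used (sysusers.defrole, systabauth, sysmaster:syssessions) are assumed to be as in IDS 10.00 and later.

```sql
-- Added example, not from the original thread.
-- Run in dbaccess as a DBA on the database from the thread.
DATABASE djw;

-- 1. Users who get a role automatically when they connect.
--    Assumption: defrole is NULL or blank when no default role is set.
SELECT username, defrole
  FROM sysusers
 WHERE defrole IS NOT NULL
   AND defrole <> '';

-- 2. Table-level privileges those users inherit through the default role.
--    Role grants are stored in systabauth with the role name as grantee.
SELECT u.username, u.defrole, t.tabname, a.tabauth
  FROM sysusers u, systabauth a, systables t
 WHERE u.defrole IS NOT NULL
   AND u.defrole <> ''
   AND a.grantee = u.defrole
   AND t.tabid   = a.tabid
 ORDER BY u.username, t.tabname;

-- 3. After "REVOKE DEFAULT ROLE FROM o2": sessions for o2 that are still
--    open. As the thread shows, a session that connected before the revoke
--    keeps the role until it reconnects. "connected" is a Unix timestamp;
--    compare it with the time the revoke was issued.
SELECT sid, username, hostname, connected
  FROM sysmaster:syssessions
 WHERE username = 'o2';
```

Any session returned by the third query that predates the revoke can be ended by the server administrator with onmode -z followed by its sid, which forces a reconnect without the role.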