Currently on 9.4.FC5 Solaris 9 SE6320. Anticipating upgrade to IDS10. Any advice or suggestions? I did some very limited testing but had to move onto more pressing matters. I could not get the "default roles at database level" to work any differently than they do now. I thought I could simply create a role, grant that role to a valid user and that role would be his default permissions when he connected to the database (that and anything else granted to him individually ). Is that not how it is supposed to work?



sending to informix-list

The new default role in IDS 10 is applied to a user at connection time.
It is at the session level not the database level.

You need to "grant default role dave to <user>;"

I've just done this against IDS 10.00.TC1TL on Windows XP:-


In a dbaccess session as user djw;

create database djw;
database djw;
create table a ( b int);
revoke all on a from public;
grant connect to o2;

in a separate dbaccess session:-

Connection-> Connect -> select database server
input user name o2 and password
select database djw

select * from a
# ^
# 272: No SELECT permission.
#

In the first dbaccess session:-

create role dave;
grant select on a to dave;
grant default role dave to o2;

In the second dbaccess session

Connection-> Connect -> select database server
input user name o2 and password
select database djw

select * from a;

b

1

In first dbaccess session:-

revoke default role from o2

In second dbaccess session:-

select * from a;


b

1

NOTE: User has not reconnected so they retain select privilege since
their
sessions still has that role as it's current role. However reconnect
and:-

Connection-> Connect -> select database server
input user name o2 and password
select database djw

select * from a
# ^
# 272: No SELECT permission.
#