Re: Another Permissions question (Informix forums, Database Server Software category)
Brian McLaughlin said:

> So I've been experimenting to try and understand Informix permissions.
>
> Looking at the sysuser table, there are 3 entries. One of those three is
> "public". Is "public" a special user? Do users that connect to
> Informix but don't exist in the sysuser table get the "public"
> permissions?

No, they get their own permissions *plus* all the public permissions.

> I ask this, because if I connect as a user that exists on the server but
> not within Informix, I seem to have full privileges to select, create,
> update, delete anything I want. I want to understand how best to lock
> things down a little bit. It would be nice to prevent everybody from
> being able to connect and view the HR/Payroll data for instance -- or to
> alter their scholastic records, etc.

Perfectly reasonable!

> How do others manage database permissions?

What may work better is to revoke all permissions on all tables from all users (including public!). Then create stored procedures that do all the data manipulation and access. This way, you can avoid the horrors of someone with Excel or Access coming in and bypassing all your application security.

--
Bye now,
Obnoxio

"It's not because you have nothing to say that you have to shut your mouth" - Coluche

"I'm trying to see things your way, but I can't get my head up my ass" - JCH

"Every man looks at me as if I were a dickhead" - Marco

Travel broadens a person. You look as if you have been all over the world.

I went to the airport to check in and they asked what I did because I looked like a terrorist. I said I was a comedian. They said, "Say something funny then." I told them I had just graduated from flying school. -- Ahmed Ahmed

http://i2.photobucket.com/albums/y41...theproblem.jpg
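The revoke-then-stored-procedure approach from the reply, sketched as an added example that is not part of the original post. The table `payroll`, the user `hr_clerk` and the procedure `get_employee_name` are hypothetical; the sketch assumes a non-ANSI database (where PUBLIC otherwise receives default table and Execute privileges) and that the table's owner creates the procedure.

```sql
-- Constructed sample schema (hypothetical names throughout).
CREATE TABLE payroll (
    emp_id  INT PRIMARY KEY,
    name    VARCHAR(60),
    salary  DECIMAL(10,2)
);

-- In a non-ANSI database a new table is readable and writable by PUBLIC
-- unless NODEFDAC was set when it was created. Remove those defaults.
REVOKE ALL ON payroll FROM PUBLIC;

-- The only sanctioned read path: returns a name, never the salary column.
-- Created by the table owner, so it runs with the owner's table privileges
-- and callers need no privileges on payroll itself.
CREATE PROCEDURE get_employee_name(p_emp_id INT)
    RETURNING VARCHAR(60);

    DEFINE v_name VARCHAR(60);

    SELECT name INTO v_name
      FROM payroll
     WHERE emp_id = p_emp_id;

    RETURN v_name;
END PROCEDURE;

-- New routines are also executable by PUBLIC by default in a non-ANSI
-- database (skip this REVOKE if NODEFDAC was set), so narrow that as well.
REVOKE EXECUTE ON get_employee_name FROM PUBLIC;
GRANT EXECUTE ON get_employee_name TO hr_clerk;

-- Audit: list remaining table-level grants on user tables.
-- Any row with grantee 'public' is a table still open to everyone.
SELECT t.tabname, a.grantor, a.grantee, a.tabauth
  FROM systables t, systabauth a
 WHERE t.tabid = a.tabid
   AND t.tabid > 99
 ORDER BY t.tabname, a.grantee;

-- Audit: list who may execute each routine.
SELECT p.procname, a.grantee, a.procauth
  FROM sysprocedures p, sysprocauth a
 WHERE p.procid = a.procid
 ORDER BY p.procname, a.grantee;
```

Running the two audit queries after the revokes shows whether any table or routine is still granted to `public`, which is the condition that lets an ODBC client such as Excel or Access read the data directly.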