|
Satheesh Bandaram wrote: Since I haven't heard any objections to change system schemas authorizationId from 'DBA' (pseudo-user) to authorizationId of database owner, I will proceed with my code changes. Speak up if this doesn't sit right... :-)Daniel John Debrunner wrote:Seems strange to me to create a schema just to store the database owner, does not seem natural or intuitive. Though, maybe I'm a little confused by your description, you say "new system schema" and "new system catalog", did you mean to say schema throughout? Though the last part of the last sentence seems like what you are describing with SYSDBA.Right... I meant to say "system schema" throughout... One place I seem to have mentioned catalog instead. Any reason why system schemas need to be owned by 'SA_USER_NAME', which is 'DBA'? Changing current system schemas authorizationId to database owner authorizationID seems to make sense to me.Satheesh One added advantage of this change is that all system routines would now be owned by database owner and would need explicit authorization to perform operations like freeze, unfreeze, backup without any special code. I will add RoutinePermsDescriptors to allow execute privilege to other system routines that all users should be able to invoke by default. (like SYSCS_GET_DATABASE_PROPERTY, SYSCS_EXPORT_TABLE, SYSCS_GET_RUNTIMESTATISTICS, SYSCS_IMPORT_TABLE, SYSCS_SET_STATISTICS_TIMING, SYSCS_SET_RUNTIMESTATISTICS, SYSCS_INPLACE_COMPRESS_TABLE, SYSCS_COMPRESS_TABLE) I also think all routines in SYSIBM schema should be executable by all. Only DBA access for INSTALL_JAR, REMOVE_JAR and REPLACE_JAR, by default? Satheesh |
- Re: Right place to save database owner ... Satheesh Bandaram
- Re: Right place to save database owner ... Daniel John Debrunner
- Re: Right place to save database owner ... Satheesh Bandaram
