Dan, I know this is just a baby step towards where you're headed... but if you "set escape off" the users can't escape to the R> (at least that _used_ to be true, haven't used it in a long time). From there Dennis' suggestion of putting that one very sensitive table in a separate DB would probably make your life a lot easier.
Ben Petersen On 10 Jun 2003, at 9:58, Dan Champion wrote: > > Dennis, > The owner is MikeV, but it is pasworded as well. You cannot set user > MikeV without an error message that prompts for a password. Without the > password you have 0 access to the database. NO tables accessible. I will > have to do as Razzak suggested and connect as the owner with password and > unload all, edit the unload to remove the owner and reload. > As far as security goes, I already had my own login/password in my > codes, so each user here had a different security level. Before any code is > allowed to run, the usersecurity must match... however that is only when the > code is run... some users are smart enough to hit escape during the start > process and get access to the tables from the R< This is where the boss wants > to have the tables locked from all of us (including me the developer...what a > hassle) > > > > Along those lines... when I get things more figured out later (he still wants > to protect one table in the database from anyone except him to see) Is there > an easier way to grant access to all tables, then just revoke access to that > table? I had to write a program that > > granted all privileges for (tablename) to (userlist) > > one line for each tablename. Is there an easier way... we have 70 tables > in the database. > > I have read all the help files, and a few of the old books, but found no > shortcut. > > > > > > At 06:18 AM 6/10/2003 -0700, you wrote: > > >Dan, > > > >If you know the owner name you can do whatever you want. > > > > > >The key is knowing how the NAME and USER settings work. > > > >Think of USER as "USER PASSWORD" > >NAME is only an identifier, it does not affect access to tables. > > > >If the DB owner is GEORGE, at the r> you type SET USER GEORGE. You > >will have total access to the database. When yo are done, SET USER > >NONE to return to normal. > > > >NONE and PUBLIC are pretty well synonomous. Granting rigths to PUBLIC > >will let anyone use that right. Granting rights to any other password > >will only allow access to those rights when the USER is set to that > >password. If the USER is set to the owner password, all access is > >allowed. > > > >I have a client that insisted on setting up this kind of security. In > >the login to the application, each user enters their ID and a USER name > >is retrieved from a table and set. It is saved in a variable. Then, > >when my code needs to do something only allowed to the owner, I change > >USER to the owner, process, and then SET USER &vUserName and all is > >back to normal. > > > >If one really wanted to make this more secure, all code that does this > >could be codelock so noone could find out the owner password. > > > >Having security on a database really adds a great deal of complication > >to the whole app. But, if the boss is paranoid (rightfully so > >sometimes), one must go there. > > > >Dennis McGrath > > > > > > > > > > > >--- Dan <[EMAIL PROTECTED]> wrote: > > > > > > Ok, > > > So, If I read this right.... A. = I am right... only the owner can > > > do the > > > unload/reload which he doesn't want to do. > > > and B... sure don't understand B... use the grant option to take > > > care of > > > EVERYTHING? > > > The question was, how do I UNDO giving the onwer total control. He > > > wants > > > to lock us all out of one table, but thinks things can continue as > > > normal. > > > They can't... now he hea to do my job and maintain the database > > > (according > > > to example A) and B does not give ME control of the database. I am > > > really more confused than I was to begin wtih. I think assigning the > > > owner > > > of our company. OWNERship of the database was a mistake. I should > > > have > > > left it PUBLIC so I can still maintain the data. > > > > > > How do I undo giving him ownership... I tried setting the owner as > > > public > > > but get an error message about SQL not working if I do. > > > > > > (please forgive any misspellings, I had an accident with my eyest > > > today and > > > can't see what I am typing) > > > > > > Dan > > > At 12:15 PM 6/9/2003 -0400, you wrote: > > > > > > > >At 12:06 PM 6/9/2003 -0400, Dan Champion wrote: > > > > > > > >>Does anyone have some good advice on the topic of Database > > > Ownership. > > > >>We just recently took our PUBLIC 'ly owned database, but now the > > > company > > > >>owner would like to be able to restrict access to one of the > > > tables. I Set > > > >>him as OWNER, and Granted access (table by table) to the users. > > > Now... > > > >>unload/reloads can't be done by anyone but the owner? > > > >>How do we set it back to public till we figure a better way to do > > > this? > > > > > > > >Dan, > > > > > > > >A few options: > > > > > > > >A. At the R> prompt: > > > > > > > >01. CONNECT dbname IDENTIFIED by OwnerPasword > > > >02. SET NULL -0- > > > >03. OUTP dbname.UNL > > > > UNLOAD ALL > > > > OUTP SCREEN > > > > > > > >04 Open dbname.UNL file in RBEDIT or any text editor and then > > > > change the structure accordingly. > > > > > > > >B. > > > > > > > >01. CONNECT dbname IDENTIFIED by OwnerPasword and then > > > > > > > > Use GRANT option to take care of everything. > > > > > > > > For complete details: http://www.RSyntax.com > > > > > > > >Hope that helps! > > > > > > > >Very Best R:egards, > > > > > > > >Razzak. > > > > > > > > > > > Dan Champion > P.O. Box 223 > Grandville, MI. 49428-0223 > www.championsolutions.net >
