Re: grant command & wildcard --> wiki howto

Thomas Stegbauer Mon, 11 Aug 2003 11:01:08 -0700

hi kevin,

thanx for the quick answer.

Kevin Wilson schrieb:

I am not sure if one exists yet or not. That email denotes using usergroups
which is a drawback because usergroup inclusion must be specified at user
creation and cannot be done in a ALTER statement.

The way I have done it is to have the DBA user create say 2 RESOURCE level
users to *own* the respective database tables, etc. You have to grant rights
to the DBA user for both of the user's set of objects then have the DBA user
define ROLES with permissions that allow cross-user object access. Then
later should you have to add a new user just have the DBA add the user(s) to
a particular ROLE and that should do it. Very similar to the canned ROLES
setup found in MSSQL Server v7.

in what systemtable are all the roles existing are notified?

Unfortunately, using this method, I experienced that specifying a wildcard
(e.g., all tables = "<USER>"."*") is not possible so you must go through and
specify each object you want to allow access to. This is tedious I know but
this does give you flexibility of adding/removing/altering user permissions
past that of the CREATE USER stage when employing the use of a USERGROUP.

elke zabach mentoined a script which should do this, was discussed a while ago in sapdb.general. but until now i was unable to find it.

Also, this setup allows you to run multiple (pseudo) databases in a single
server instance.

beside triggers (and may be procedures) which must be unique in the complete instance.

Was this what you were looking for?

yes nearly. but what are difference between a usergroup and a role?

what i found out is:

1. the usergroup a user is belonging to cant get changed.
2. a user can belong only to one group
3. a role can ask for a separate password when it is not activated by default on logon.

what i didn't in the docs until know (is there a good search interface - beside google?) how to add/remove a user from a role

greetings
thomas

-----Original Message-----
From: Thomas Stegbauer [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 11:31 AM
To: Kevin Wilson
Cc: [EMAIL PROTECTED]
Subject: grant command & wildcard --> wiki howto
hi kevin,

you wrote on 2003-04-11 that the above statement could a candidate for a wiki howto. http://listserv.sap.com/pipermail/sapdb.general/2003-April/036927.html

does such a howto already exist?
greetings
thomas

--
# Thomas Stegbauer
# http://www.keyserver.de:11371/pks/lookup?op=get&search=0xFF837A1A
# Key fingerprint = E469 F5DC 42FB B530 F5CB  99CB CEB2 BFC6 FF83 7A1A

pgp00000.pgp
Description: PGP signature

Re: grant command & wildcard --> wiki howto

Reply via email to