DB2v8.2 权限管理问题

显示全部楼层 · 2007-10-20 08:38:44

db2权限管理是不是有问题？请看我的例子：
1.create a user test in CC
2. run the below command:
db2 => grant connect on database to user test
DB20000ISQL 命令成功完成。
3. The user test can log on db
db2 => connect to db user test using test
数据库连接信息
数据库服务器 = DB2/NT 8.2.0
SQL 授权标识 = TEST
本地数据库别名 = DB
4. revoke the connect privilege from test
db2 => revoke connect on database from user luocb
DB20000ISQL 命令成功完成。
5. The user test can log on db again.
db2 => connect to db user test using test
数据库连接信息
数据库服务器 = DB2/NT 8.2.0
SQL 授权标识 = TEST
本地数据库别名 = DB
为什么revoke connect 权限后，test用户还能connect to db？？？请高手帮忙解答一下

千问 · 2007-10-20 08:38:44

要revoke from public才行。

千问 · 2007-10-20 08:38:44

还是不行啊，revoke connect on database from public执行后，这个用户还是能connect啊

千问 · 2007-10-20 08:38:44

db2 "select grantee from syscat.dbauth where connectauth='Y'"
Make sure user 'TEST' neither in the list, nor belongs to any group in the list.

千问 · 2007-10-20 08:38:44

To：unixnewbie
Thanks for your reply, I check the group follow yours, the 'TEST' user is belong to TEST group, so I revoke the connect from TEST group, but after that, the TEST user can connect to db.
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
TEST
PUBLIC

6 条记录已选择。
db2 => revoke connect on database from luocb
DB20000ISQL 命令成功完成。
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
PUBLIC

5 条记录已选择。
db2 =>

千问 · 2007-10-20 08:38:44

How can I get the user belong to which group?

千问 · 2007-10-20 08:38:44

原帖由 luocb1980 于 3/6/2008 12:17 发表
To：unixnewbie
Thanks for your reply, I check the group follow yours, the 'TEST' user is belong to TEST group, so I revoke the connect from TEST group, but after that, the TEST user can connect to db.
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
TEST
PUBLIC

6 条记录已选择。
db2 => revoke connect on database from luocb
DB20000ISQL 命令成功完成。
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
PUBLIC

5 条记录已选择。
db2 =>
你上面的结果里不是还有PUBLIC么。有PUBLIC在就是说所有用户都可以Connect。

千问 · 2007-10-20 08:38:44

原帖由 luocb1980 于 3/6/2008 12:19 发表
How can I get the user belong to which group?
在系统层面设置user属于哪个group。

千问 · 2007-10-20 08:38:44

在系统层面这个user属于test组的

千问 · 2007-10-20 08:38:44

db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
PUBLIC
FTTEST
这个命令执行后已经没有test组了啊，但是属于这个组的用户还是能connect todatabase