db2权限管理是不是有问题?请看我的例子:
1.create a user test in CC
2. run the below command:
db2 => grant connect on database to user test
DB20000ISQL 命令成功完成。
3. The user test can log on db
db2 => connect to db user test using test
数据库连接信息
数据库服务器 = DB2/NT 8.2.0
SQL 授权标识 = TEST
本地数据库别名 = DB
4. revoke the connect privilege from test
db2 => revoke connect on database from user luocb
DB20000ISQL 命令成功完成。
5. The user test can log on db again.
db2 => connect to db user test using test
数据库连接信息
数据库服务器 = DB2/NT 8.2.0
SQL 授权标识 = TEST
本地数据库别名 = DB
为什么revoke connect 权限后,test用户还能connect to db???请高手帮忙解答一下
To:unixnewbie
Thanks for your reply, I check the group follow yours, the 'TEST' user is belong to TEST group, so I revoke the connect from TEST group, but after that, the TEST user can connect to db.
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
TEST
PUBLIC
6 条记录已选择。
db2 => revoke connect on database from luocb
DB20000ISQL 命令成功完成。
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
PUBLIC
原帖由 luocb1980 于 3/6/2008 12:17 发表
To:unixnewbie
Thanks for your reply, I check the group follow yours, the 'TEST' user is belong to TEST group, so I revoke the connect from TEST group, but after that, the TEST user can connect to db.
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
TEST
PUBLIC
6 条记录已选择。
db2 => revoke connect on database from luocb
DB20000ISQL 命令成功完成。
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
PUBLIC
db2 => select grantee from syscat.dbauth where connectauth='Y'
GRANTEE
-------------------------------------------------------------------------------------
-------------------------------------------
SYSTEM
ERIC
LISA
SUPPORT_388945A0
PUBLIC
FTTEST
这个命令执行后已经没有test组了啊,但是属于这个组的用户还是能connect todatabase