https://community.hpe.com/t5/operating-system-hp-ux/ids-9-security-issue/m-p/3360011#M871383 Env: HP-UX11, Informix Dynamic Server 9.4<BR />Issue: We have some users using odbc to access our databases, is there any way on group basis that we can grant limited permissions to this kind of users (set role doesn't work).<BR />Thanks.<BR /><BR />Simon Wed, 18 Aug 2004 09:59:12 GMT Simon Liu_2 2004-08-18T09:59:12Z https://community.hpe.com/t5/operating-system-hp-ux/ids-9-security-issue/m-p/3360011#M871383 Env: HP-UX11, Informix Dynamic Server 9.4<BR />Issue: We have some users using odbc to access our databases, is there any way on group basis that we can grant limited permissions to this kind of users (set role doesn't work).<BR />Thanks.<BR /><BR />Simon Wed, 18 Aug 2004 09:59:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/ids-9-security-issue/m-p/3360011#M871383 Simon Liu_2 2004-08-18T09:59:12Z https://community.hpe.com/t5/operating-system-hp-ux/ids-9-security-issue/m-p/3360012#M871384 Set role does work provided you do it properly. First you have to revoke permissions. <BR /><BR />Don't allow people to connect as user informix, or the DBA user or anything silly like that.<BR /><BR />Create a role called readonly and grant select (only) to that role for each table, then grant the readonly role to the those users who access the database with restricted permissions.<BR /><BR />Then create a second role, with update/insert/delete/select etc permissions. Grant that role to other users who are to be allowed to update the data.<BR /><BR />We also have a stored procedure which allows users to change role, according to what they have been granted. Its sets the readonly role by default.<BR /><BR />It works for us, so it can be made to work for you. Its probably just your historical set-up thats stopping it from locking out the right people.<BR /><BR /> Wed, 18 Aug 2004 11:43:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/ids-9-security-issue/m-p/3360012#M871384 Steve Lewis 2004-08-18T11:43:11Z