cancel
Showing results for 
Search instead for 
Did you mean: 

IDS 9 security issue

Simon Liu_2
Occasional Contributor

IDS 9 security issue

Env: HP-UX11, Informix Dynamic Server 9.4
Issue: We have some users using odbc to access our databases, is there any way on group basis that we can grant limited permissions to this kind of users (set role doesn't work).
Thanks.

Simon
1 REPLY
Steve Lewis
Honored Contributor

Re: IDS 9 security issue

Set role does work provided you do it properly. First you have to revoke permissions.

Don't allow people to connect as user informix, or the DBA user or anything silly like that.

Create a role called readonly and grant select (only) to that role for each table, then grant the readonly role to the those users who access the database with restricted permissions.

Then create a second role, with update/insert/delete/select etc permissions. Grant that role to other users who are to be allowed to update the data.

We also have a stored procedure which allows users to change role, according to what they have been granted. Its sets the readonly role by default.

It works for us, so it can be made to work for you. Its probably just your historical set-up thats stopping it from locking out the right people.