HPE Community
Operating System - HP-UX
1836923 Members
2179 Online
110111 Solutions
New Discussion

Re: IDS 9 security issue

 
Simon Liu_2
Occasional Contributor

‎08-18-2004 02:59 AM

‎08-18-2004 02:59 AM

IDS 9 security issue

Env: HP-UX11, Informix Dynamic Server 9.4
Issue: We have some users using odbc to access our databases, is there any way on group basis that we can grant limited permissions to this kind of users (set role doesn't work).
Thanks.

Simon
0 Kudos
Reply
1 REPLY 1
Steve Lewis
Honored Contributor

‎08-18-2004 04:43 AM

‎08-18-2004 04:43 AM

Re: IDS 9 security issue

Set role does work provided you do it properly. First you have to revoke permissions.

Don't allow people to connect as user informix, or the DBA user or anything silly like that.

Create a role called readonly and grant select (only) to that role for each table, then grant the readonly role to the those users who access the database with restricted permissions.

Then create a second role, with update/insert/delete/select etc permissions. Grant that role to other users who are to be allowed to update the data.

We also have a stored procedure which allows users to change role, according to what they have been granted. Its sets the readonly role by default.

It works for us, so it can be made to work for you. Its probably just your historical set-up thats stopping it from locking out the right people.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.