on 01-11-2011 3:16 PM
Hi,
Is it possible to create a user that has access to all tables in a particular database? I know I can grant permissions on individual tables, but I would like to create a user that can add, delete, and insert data into any table in the database. This is easy in MSSQL, but not so easy with MaxDB
Thanks and Kind Regards,
Diana Hoppe
It's not so easy, because it's a nonsense requirement!
While it may be convenient to be able to just access data and db-objects during development, this becomes a nightmare on production.
It's far easier and usually better to create schemas to put the database objects in and roles that have the required permissions.
Then you can grant the roles to the users that need them.
This way you've cleanly separated the naming (schemas) from the permission (roles/users/grants) aspect.
A common approach for this is:
- SYSDBA user (e.g. SUPERDBA) owns the application schemas and can create/alter the objects in it
- SYDBA also owns the roles and users.
One step more secure would be to have a specific user own the application schemas - just like it is the case for NetWeaver databases.
With this, you can have your DBAs have their superuser access to the database and still not the super-easy option to look at the data.
regards,
Lars
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Lars.
Like you, i'm internal. Our MII application runs on top on Netweaver CE, running on MaxDB. I am just trying to connect from our application through jdbc to another MaxDB database instance that I created. I was hoping to have a separate user (rather than the DBADMIN one) that had access to this database, so when we query it through our application, we can see all tables in the database.
Appreciate you taking the time to answer
Kind Regards,
Diana Hoppe
HI Diana,
I knew that the name sounded familiar...
As you're internal you also can just call me in case of further questions
Ok, this scenario is quite common and often requested by customers, but bears terribly potential for data security trouble.
The approach "permissions -> role -> users" should be considered a bare minimum for db-interconnection.
A broader discussion of this topic can be found in my old blog [Questions to SAP Support: Is ODBC access to the database a good idea?|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/9742] [original link is broken] [original link is broken] [original link is broken];.
regards,
Lars
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.