Informix - 创建时的默认权限 table
Informix - Default permissions when creating table
所以,我使用 Informix 数据库引擎来创建我的数据库。我注意到一些奇怪的事情,我在 IBM 官方页面上找不到相关信息。
如果你检查我的 table 的定义,最后有一行说:
revoke all on "gabriel.barrios".proveedores from "public" as "gabriel.barrios";
不是我写的,我只是定义了table属性。但似乎引擎本身正在添加它。
是这样吗?
如果是,我该如何更改此默认行为。
此外,有人可以澄清这一行的输出:
{ TABLE "gabriel.barrios".proveedores row size = 110 number of columns = 4 index size = 9 }
[gabriel.barrios@informix1 ~]$ dbschema -d practico_matias_barrios -t Proveedores
DBSCHEMA Schema Utility INFORMIX-SQL Version 11.70.UC8W1
{ TABLE "gabriel.barrios".proveedores row size = 110 number of columns = 4 index size = 9 }
create table "gabriel.barrios".proveedores
(
id serial not null ,
nombre varchar(50) not null constraint "gabriel.barrios".proveedor_nombre_vacio,
situacion integer not null constraint "gabriel.barrios".proveedor_situacion_vacio,
ciudad varchar(50) not null constraint "gabriel.barrios".proveedor_ciudad_vacio,
primary key (id) constraint "gabriel.barrios".proveedor_clave_primaria
);
revoke all on "gabriel.barrios".proveedores from "public" as "gabriel.barrios";
Informix 默认行为是向 PUBLIC 角色授予权限。
根据文档 (Table-level privileges) :
In an ANSI-compliant database, only the table owner has any
privileges. In other databases, the database server, as part of
creating a table, automatically grants to PUBLIC all table privileges
except Alter and References, unless the NODEFDAC environment variable
has been set to 'yes' to withhold all table privileges from PUBLIC.
When you allow the database server to automatically grant all table
privileges to PUBLIC, a newly created table is accessible to any user
with the Connect privilege. If this is not what you want (if users
exist with the Connect privilege who should not be able to access this
table), you must revoke all privileges on the table from PUBLIC after
you create the table.
您看到的是 dbschema 总是在创建 table 输出上撤销 PUBLIC 的权限,然后将它们添加回权限输出。
$ dbschema -d mydatabase -t default_privileges
DBSCHEMA Schema Utility INFORMIX-SQL Version 12.10.FC12
{ TABLE "myuser".default_privileges row size = 4 number of columns = 1 index size = 0 }
create table "myuser".default_privileges
(
id integer
);
revoke all on "myuser".default_privileges from "public" as "myuser";
使用dbschema权限输出和过滤 table default_privileges :
$ dbschema -d mydatabase -p all | grep default_privileges
grant select on "myuser".default_privileges to "public" as "myuser";
grant update on "myuser".default_privileges to "public" as "myuser";
grant insert on "myuser".default_privileges to "public" as "myuser";
grant delete on "myuser".default_privileges to "public" as "myuser";
grant index on "myuser".default_privileges to "public" as "myuser";
所以,我使用 Informix 数据库引擎来创建我的数据库。我注意到一些奇怪的事情,我在 IBM 官方页面上找不到相关信息。
如果你检查我的 table 的定义,最后有一行说:
revoke all on "gabriel.barrios".proveedores from "public" as "gabriel.barrios";
不是我写的,我只是定义了table属性。但似乎引擎本身正在添加它。
是这样吗?
如果是,我该如何更改此默认行为。
此外,有人可以澄清这一行的输出:
{ TABLE "gabriel.barrios".proveedores row size = 110 number of columns = 4 index size = 9 }
[gabriel.barrios@informix1 ~]$ dbschema -d practico_matias_barrios -t Proveedores
DBSCHEMA Schema Utility INFORMIX-SQL Version 11.70.UC8W1
{ TABLE "gabriel.barrios".proveedores row size = 110 number of columns = 4 index size = 9 }
create table "gabriel.barrios".proveedores
(
id serial not null ,
nombre varchar(50) not null constraint "gabriel.barrios".proveedor_nombre_vacio,
situacion integer not null constraint "gabriel.barrios".proveedor_situacion_vacio,
ciudad varchar(50) not null constraint "gabriel.barrios".proveedor_ciudad_vacio,
primary key (id) constraint "gabriel.barrios".proveedor_clave_primaria
);
revoke all on "gabriel.barrios".proveedores from "public" as "gabriel.barrios";
Informix 默认行为是向 PUBLIC 角色授予权限。
根据文档 (Table-level privileges) :
In an ANSI-compliant database, only the table owner has any privileges. In other databases, the database server, as part of creating a table, automatically grants to PUBLIC all table privileges except Alter and References, unless the NODEFDAC environment variable has been set to 'yes' to withhold all table privileges from PUBLIC. When you allow the database server to automatically grant all table privileges to PUBLIC, a newly created table is accessible to any user with the Connect privilege. If this is not what you want (if users exist with the Connect privilege who should not be able to access this table), you must revoke all privileges on the table from PUBLIC after you create the table.
您看到的是 dbschema 总是在创建 table 输出上撤销 PUBLIC 的权限,然后将它们添加回权限输出。
$ dbschema -d mydatabase -t default_privileges
DBSCHEMA Schema Utility INFORMIX-SQL Version 12.10.FC12
{ TABLE "myuser".default_privileges row size = 4 number of columns = 1 index size = 0 }
create table "myuser".default_privileges
(
id integer
);
revoke all on "myuser".default_privileges from "public" as "myuser";
使用dbschema权限输出和过滤 table default_privileges :
$ dbschema -d mydatabase -p all | grep default_privileges
grant select on "myuser".default_privileges to "public" as "myuser";
grant update on "myuser".default_privileges to "public" as "myuser";
grant insert on "myuser".default_privileges to "public" as "myuser";
grant delete on "myuser".default_privileges to "public" as "myuser";
grant index on "myuser".default_privileges to "public" as "myuser";