DB2 从多个用户的数据库中撤销用户权限
DB2 revoke user privileges from a database from multiple users
我想撤销所有用户的所有权限,只有一个来自数据库。
DB2 10.5 LUW
我的思路是:
db2 "revoke all on database from user IN (select grantee from syscat.dbauth where grantee not IN 'SAFEUSER')"
但我无法让它工作。
有什么想法吗?
REVOKE (database authorities) statement 中没有 ALL 子句。
您可以生成以下 select 语句所需的语句集:
select
'REVOKE '
|| SUBSTR
(
CASE ACCESSCTRLAUTH WHEN 'N' THEN '' ELSE ', ACCESSCTRL' END
||CASE BINDADDAUTH WHEN 'N' THEN '' ELSE ', BINDADD' END
||CASE CONNECTAUTH WHEN 'N' THEN '' ELSE ', CONNECT' END
--- add here expressions with all other *AUTH columns
, 2)
||' ON DATABASE FROM '
|| CASE
WHEN GRANTEE = 'PUBLIC' THEN ''
WHEN GRANTEETYPE = 'U' THEN 'USER'
WHEN GRANTEETYPE = 'G' THEN 'GROUP'
WHEN GRANTEETYPE = 'R' THEN 'ROLE'
END
||' '||GRANTEE
from syscat.dbauth
WHERE 'Y' IN
(
ACCESSCTRLAUTH, BINDADDAUTH, CONNECTAUTH
--- add here all other *AUTH columns separated by ','
)
AND grantee <> 'SAFEUSER'
;
我想撤销所有用户的所有权限,只有一个来自数据库。 DB2 10.5 LUW
我的思路是:
db2 "revoke all on database from user IN (select grantee from syscat.dbauth where grantee not IN 'SAFEUSER')"
但我无法让它工作。
有什么想法吗?
REVOKE (database authorities) statement 中没有 ALL 子句。
您可以生成以下 select 语句所需的语句集:
select
'REVOKE '
|| SUBSTR
(
CASE ACCESSCTRLAUTH WHEN 'N' THEN '' ELSE ', ACCESSCTRL' END
||CASE BINDADDAUTH WHEN 'N' THEN '' ELSE ', BINDADD' END
||CASE CONNECTAUTH WHEN 'N' THEN '' ELSE ', CONNECT' END
--- add here expressions with all other *AUTH columns
, 2)
||' ON DATABASE FROM '
|| CASE
WHEN GRANTEE = 'PUBLIC' THEN ''
WHEN GRANTEETYPE = 'U' THEN 'USER'
WHEN GRANTEETYPE = 'G' THEN 'GROUP'
WHEN GRANTEETYPE = 'R' THEN 'ROLE'
END
||' '||GRANTEE
from syscat.dbauth
WHERE 'Y' IN
(
ACCESSCTRLAUTH, BINDADDAUTH, CONNECTAUTH
--- add here all other *AUTH columns separated by ','
)
AND grantee <> 'SAFEUSER'
;