Archives of the TeradataForum
Message Posted: Wed, 17 Aug 2005 @ 19:37:27 GMT
Subj: | | Permissions to DBC.Databases / DBC.Tables |
|
From: | | Al MacGowan |
I've got some issues where a "rogue user" got ahold of an application which enumerates system objects and provides them a GUI interface to
whatever JDBC Driver they have for whatever database they have. That's all fine and dandy for them, but this has caused a problem for me, as this
user was able to find Users to attempt to logon as. And they did just that. I know this is a procedure and business problem, but I reacted by
denying SELECT from DBC.Databases and DBC.Tables from PUBLIC, and re-GRANTing it to "system-level" users, and "trustworthy" ROLEs.
I now have "not necessarily trustworthy" roles which are complaining they cannot use SQL Assistant or other tools that enumerate DBC.Tables to
get their GUI apps to work. They can run HELP DATABASE and HELP TABLE statements, but it's not GUI.
Is there a way to handle this that anyone's been able to do? Is there some kind of row-level access that can be implemented, if so - would it
be too dangerous potentially?
Any suggestions would be helpful. Thanks!
Alistair MacGowan
Senior Database Administrator
|