Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!sdd.hp.com!decwrl!ucbvax!husc6!lange!bochner
From: bochner@lange.harvard.EDU (Harry Bochner)
Newsgroups: comp.databases
Subject: Re: Revoking privileges across the board
Message-ID: <4034@husc6.harvard.edu>
Date: 29 Aug 90 21:02:57 GMT
References: <767@tiamat.fsc.com>
Sender: news@husc6.harvard.edu
Reply-To: bochner@lange.harvard.EDU (Harry Bochner)
Organization: Aiken Computation Laboratory, Harvard University
Lines: 29

In article <767@tiamat.fsc.com>, jim@tiamat.fsc.com (Jim O'Connor) writes:
...
 > Is there any way to remove all of these granted privileges with
 > one statement?  That is, I'd like to be able to issue one statement
 > and know that I've wiped out all priviliges that have ever been granted to
 > any user.

The best thing I know is:
revoke all on table1 from public;
"      "    " table2 "    ";
...

This isn't quite what you want, but it's pretty good: you can do
select tabname from systables;
to get a list of tables, and then just edit the list into SQL commands
as above;
this way you can be sure you haven't missed any tables.

 > Is it safe to tinker with the sys table that has the privilege
 > data in it directly?  For example, "delete from systabauth;" and "delete
 > from syscolauth;".

It probably can be done this way, but I hesitate to alter the database's
private
data. I don't _know_ that it isn't safe, but they haven't told us it
_is_ safe :-}

Harry Bochner
bochner@endor.harvard.edu