Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!hplabs!pyramid!infmx!aland From: aland@infmx.UUCP (Dr. Scump) Newsgroups: comp.databases Subject: Re: Restricting access to Informix tables Message-ID: <1347@infmx.UUCP> Date: 16 May 89 01:07:51 GMT References: <1080@investor.UUCP> <1092@altos86.UUCP> Reply-To: aland@infmx.UUCP (alan denney) Organization: Flight 1523 Survivor's Club Lines: 36 In article <1092@altos86.UUCP> jon@altos86.UUCP (Jonathan Ma) writes: >In article <1080@investor.UUCP> news@investor.UUCP ( Bob Peirce) writes: >>We have a database we want to keep most people from updating or >>inserting except under controlled circumstances; ie, No from sperform, >>but YES from a 4GL data entry program. >>-- >>Bob Peirce, Pittsburgh, PA 412-471-5320 > You can do the following as root: > % cd $INFORMIXDIR/bin > % chmod 500 sperform > > Just a suggestion. Please don't reply or follow-up. > -Jon- UUCP: {sun,pyramid,amdahl}!altos86!jon Sorry, Jon, but this not a good idea. Even in 2.10.00 and earlier versions, this would prevent ALL users from running ANY forms. In 2.10.03, things get worse: since "sperform" is just a link to the "isql" executable (in UNIX), you would have just prevented all users from using any ISQL module (compiling or running any forms, reports, queries, or user menus). The only way to get the desired functionality that I know of (in UNIX) is to create a "phony" generic user name for the application, grant it the appropriate database permissions, make it the program owner, and use setuid(). As I see it, a better route would be to be able to grant permissions to *applications*, like "Application Plans" in DB2. -- Alan S. Denney @ Informix Software, Inc. {pyramid|uunet}!infmx!aland "I want to live! -------------------------------------------- as an honest man, Disclaimer: These opinions are mine alone. to get all I deserve If I am caught or killed, the secretary and to give all I can." will disavow any knowledge of my actions. - S. Vega