Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!mtxinu!sybase!phobos!tim
From: tim@phobos.sybase.com (Tim Wood)
Newsgroups: comp.databases
Subject: Re: Restricting access to Informix tables
Message-ID: <4256@sybase.sybase.com>
Date: 16 May 89 16:53:39 GMT
References: <1080@investor.UUCP> <1092@altos86.UUCP> <1347@infmx.UUCP>
Sender: news@sybase.sybase.com
Reply-To: tim@phobos.UUCP (Tim Wood)
Organization: Sybase, Inc.
Lines: 38

In article <1347@infmx.UUCP> aland@infmx.UUCP (alan denney) writes:

>In article <1092@altos86.UUCP> jon@altos86.UUCP (Jonathan Ma) writes:

>>In article <1080@investor.UUCP> news@investor.UUCP ( Bob Peirce) writes:

>>>We have a database we want to keep most people from updating or
>>>inserting except under controlled circumstances; ie, No from sperform,
>>>but YES from a 4GL data entry program.  
>>>-- 
>>>Bob Peirce, Pittsburgh, PA				 412-471-5320

>>	You can do the following as root:
>>	% cd $INFORMIXDIR/bin
>>	% chmod 500 sperform
>>

>
>Sorry, Jon, but this not a good idea.  Even in 2.10.00 and earlier 
>versions, this would prevent ALL users from running ANY forms. [...]
>
>As I see it, a better route would be to be able to grant permissions
>to *applications*, like "Application Plans" in DB2.

Or "stored procedures" and views in Sybase.  Moreover, you can grant
EXECUTE permission on the procedure (or SELECT, etc. on the view) and
revoke SELECT, UPDATE, etc. on the objects the procedure or view
references.  This implements a package-type interface to the database,
in that you can force all SQL operations to be performed via the
(statically-defined, parameterized) procedures and views.
-TW



Sybase, Inc. / 6475 Christie Ave. / Emeryville, CA / 94608	  415-596-3500
tim@sybase.com          {pacbell,pyramid,sun,{uunet,ucbvax}!mtxinu}!sybase!tim
Voluntary disclaimer: This message is solely my personal opinion.
		      It is not a representation of Sybase, Inc.  OK.