Options for Granting or Revoking Database Grants

Previous Next

The Authorizer offers four options to grant or revoke access rights:

Update Application Rights

This option updates all rights for a specified application. That is, the rights of all user groups have access to that application.

Update User Group Rights

This option updates all rights that a specified user group has for a specified application.

Update User Rights

This option updates all rights that a certain user has for a given application.

Revoke All Table Rights

This option revokes all rights for a given application, for one or all users.

NOTE 1: When updating application rights, only users of accounts with type RDBMS or Funnel are included in the GRANT statements. Funneling accounts are NOT included.

NOTE 2: Removing a user from a user group without assigning them to another user group, and then updating the application/user group rights, is not sufficient to revoke the right of the user as defined in the database server. You must explicitly generate and execute "hand over the (RDBMS) key" statements to revoke the rights in the database server, otherwise it would still be possible to bypass the Authorizer using RDBMS vendor middleware.

You should use the Revoke All Table Rights option to revoke a user's rights in the database server.

NOTE 3: When application rights or user group rights are updated, the rights of the application OWNER are not updated. The only way to update the rights of the application owner, is by updating the owner's individual update rights.

 

See Also

Database Grants