By Mark Gillis


In the first part of this blog I outlined an issue I’d come across with the conferring of Role-based permissions to Groups for certain objects. Here’s one way around it and some further observations on the underlying issue.


Possible workaround

I did say I didn’t entirely like this option but it’s all I have been able to come up with so far.

If you want to enforce the structure of Users being allocated to Groups by your Windows or Unix Admins / Customers, you might have to keep the CREATE option up at the Database Administrator level. Once a View, Proc or whatever is in existence, the subsequent dynamic operations will be validated against the Group credentials and that can be operated by the Users who are members of appropriate Groups. This lets your User population stay fluid, whilst the Groups and Roles can stay relatively, if not entirely, static.

Read the blog in full.



E-mail me when people leave their comments –

You need to be a member of WorldofDb2 to add comments!

Join WorldofDb2