Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Access restrictions

5 posts in General Discussion Last posting was on 2008-11-26 18:53:31.0Z
Simon Posted on 2008-11-26 16:04:59.0Z
Sender: 6671.492d62ac.1804289383@sybase.com
From: Simon
Newsgroups: ianywhere.public.general
Subject: Access restrictions
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <492d73ab.6ab4.1681692777@sybase.com>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 26 Nov 2008 08:04:59 -0800
X-Trace: forums-1-dub 1227715499 10.22.241.41 (26 Nov 2008 08:04:59 -0800)
X-Original-Trace: 26 Nov 2008 08:04:59 -0800, 10.22.241.41
Lines: 5
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7230
Article PK: 5446

When we create users we can make them DBA or Resource etc.
How do you restrict particular user in different ways?
I prefer to create a user just to check whether a connection
possible and then allow it to SELECT just one table. This is
for a troubleshooting purpose using ODBC connection.


Josh Savill [Sybase iAnywhere] Posted on 2008-11-26 16:30:30.0Z
From: "Josh Savill [Sybase iAnywhere]" <no_spam_jsavill@ianywhere.com>
Organization: Sybase iAnywhere
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
Newsgroups: ianywhere.public.general
Subject: Re: Access restrictions
References: <492d73ab.6ab4.1681692777@sybase.com>
In-Reply-To: <492d73ab.6ab4.1681692777@sybase.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <492d79a6$1@forums-1-dub>
Date: 26 Nov 2008 08:30:30 -0800
X-Trace: forums-1-dub 1227717030 10.22.241.152 (26 Nov 2008 08:30:30 -0800)
X-Original-Trace: 26 Nov 2008 08:30:30 -0800, vip152.sybase.com
Lines: 16
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7231
Article PK: 5448

Documentation:
http://dcx.sybase.com/index.php#http%3A%2F%2Fdcx.sybase.com%2F1100en%2Fdbadmin_en11%2Fumanper.html

The section under Granting permissions on tables is a good place to start.

--
Joshua Savill
Sybase iAnywhere - Product Manager

Simon wrote:
> When we create users we can make them DBA or Resource etc.
> How do you restrict particular user in different ways?
> I prefer to create a user just to check whether a connection
> possible and then allow it to SELECT just one table. This is
> for a troubleshooting purpose using ODBC connection.


Simon Posted on 2008-11-26 17:44:35.0Z
Sender: 6671.492d62ac.1804289383@sybase.com
From: Simon
Newsgroups: ianywhere.public.general
Subject: Re: Access restrictions
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <492d8b03.6dca.1681692777@sybase.com>
References: <492d79a6$1@forums-1-dub>
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 26 Nov 2008 09:44:35 -0800
X-Trace: forums-1-dub 1227721475 10.22.241.41 (26 Nov 2008 09:44:35 -0800)
X-Original-Trace: 26 Nov 2008 09:44:35 -0800, 10.22.241.41
Lines: 29
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7232
Article PK: 5449

I am using SQL Anywhere 10.0.2
According to the documents, we could make a user and given
him permission to be DBA, Resource, Remote, Validate etc.

The question is if the requirment is to make a user that
required permission only to SELECT a particular table,
should he be make a DBA, Resource or Validate?

This prior to making any grants/permissions

> Documentation:
>
http://dcx.sybase.com/index.php#http://dcx.sybase.com/1100en/dbadmin_en11/umanper.html
>
> The section under Granting permissions on tables is a good
> place to start.
>
> --
> Joshua Savill
> Sybase iAnywhere - Product Manager
>
>
> Simon wrote:
> > When we create users we can make them DBA or Resource
> > etc. How do you restrict particular user in different
> > ways? I prefer to create a user just to check whether a
> > connection possible and then allow it to SELECT just one
> > table. This is for a troubleshooting purpose using ODBC
> connection.


Josh Savill [Sybase iAnywhere] Posted on 2008-11-26 18:44:38.0Z
From: "Josh Savill [Sybase iAnywhere]" <no_spam_jsavill@ianywhere.com>
Organization: Sybase iAnywhere
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
Newsgroups: ianywhere.public.general
Subject: Re: Access restrictions
References: <492d79a6$1@forums-1-dub> <492d8b03.6dca.1681692777@sybase.com>
In-Reply-To: <492d8b03.6dca.1681692777@sybase.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Message-ID: <492d9916$1@forums-1-dub>
Date: 26 Nov 2008 10:44:38 -0800
X-Trace: forums-1-dub 1227725078 10.22.241.152 (26 Nov 2008 10:44:38 -0800)
X-Original-Trace: 26 Nov 2008 10:44:38 -0800, vip152.sybase.com
Lines: 43
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7235
Article PK: 5452

No, if you want to grant a user only SELECT permissions, they should be not be granted DBA,
Resource, etc. These are special authorities in the database.

The syntax between SQL Anywhere 11.0.0 and 10.0.1 should be identical.

http://dcx.sybase.com/index.php#http%3A%2F%2Fdcx.sybase.com%2Fhtml%2Fdbrfen10%2Frf-grant-statement.html

GRANT SELECT ON table_name TO userid;

--
Joshua Savill
Sybase iAnywhere - Product Manager

Simon wrote:
> I am using SQL Anywhere 10.0.2
> According to the documents, we could make a user and given
> him permission to be DBA, Resource, Remote, Validate etc.
>
> The question is if the requirment is to make a user that
> required permission only to SELECT a particular table,
> should he be make a DBA, Resource or Validate?
>
> This prior to making any grants/permissions
>
>> Documentation:
>>
> http://dcx.sybase.com/index.php#http://dcx.sybase.com/1100en/dbadmin_en11/umanper.html
>> The section under Granting permissions on tables is a good
>> place to start.
>>
>> --
>> Joshua Savill
>> Sybase iAnywhere - Product Manager
>>
>>
>> Simon wrote:
>>> When we create users we can make them DBA or Resource
>>> etc. How do you restrict particular user in different
>>> ways? I prefer to create a user just to check whether a
>>> connection possible and then allow it to SELECT just one
>>> table. This is for a troubleshooting purpose using ODBC
>> connection.


Breck Carter [TeamSybase] Posted on 2008-11-26 18:53:31.0Z
From: "Breck Carter [TeamSybase]" <NOSPAM__breck.carter@gmail.com>
Newsgroups: ianywhere.public.general
Subject: Re: Access restrictions
Organization: RisingRoad Professional Services
Reply-To: NOSPAM__breck.carter@gmail.com
Message-ID: <3h6ri4139010qtek64c201491avhjstsvj@4ax.com>
References: <492d79a6$1@forums-1-dub> <492d8b03.6dca.1681692777@sybase.com>
X-Newsreader: Forte Agent 2.0/32.640
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: vip152.sybase.com
X-Original-NNTP-Posting-Host: vip152.sybase.com
Date: 26 Nov 2008 10:53:31 -0800
X-Trace: forums-1-dub 1227725611 10.22.241.152 (26 Nov 2008 10:53:31 -0800)
X-Original-Trace: 26 Nov 2008 10:53:31 -0800, vip152.sybase.com
Lines: 50
X-Authenticated-User: TeamSybase
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.general:7238
Article PK: 5455

I am not sure what you are asking, but here is the answer to just this
part: "to make a user that required permission only to SELECT a
particular table"


GRANT CONNECT TO limited IDENTIFIED BY sql;

GRANT SELECT ON xyz TO limited;

On 26 Nov 2008 09:44:35 -0800, Simon wrote:

>I am using SQL Anywhere 10.0.2
>According to the documents, we could make a user and given
>him permission to be DBA, Resource, Remote, Validate etc.
>
>The question is if the requirment is to make a user that
>required permission only to SELECT a particular table,
>should he be make a DBA, Resource or Validate?
>
>This prior to making any grants/permissions
>
>> Documentation:
>>
>http://dcx.sybase.com/index.php#http://dcx.sybase.com/1100en/dbadmin_en11/umanper.html
>>
>> The section under Granting permissions on tables is a good
>> place to start.
>>
>> --
>> Joshua Savill
>> Sybase iAnywhere - Product Manager
>>
>>
>> Simon wrote:
>> > When we create users we can make them DBA or Resource
>> > etc. How do you restrict particular user in different
>> > ways? I prefer to create a user just to check whether a
>> > connection possible and then allow it to SELECT just one
>> > table. This is for a troubleshooting purpose using ODBC
>> connection.

--
Breck Carter http://sqlanywhere.blogspot.com/

RisingRoad SQL Anywhere and MobiLink Professional Services
breck.carter@risingroad.com