Books
in black and white
Main menu
Share a book About us Home
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

Teradata RDBMS forUNIX SQL Reference - NCR

NCR Teradata RDBMS forUNIX SQL Reference - NCR, 1997. - 913 p.
Download (direct link): teradataforunix1997.pdf
Previous << 1 .. 173 174 175 176 177 178 < 179 > 180 181 182 183 184 185 .. 241 >> Next


8-238

Teradata RDBMS for UNIX SQL Reference
Teradata SQL Syntax Guide

REVOKE Statement (MONITOR)

The following examples illustrate the use of REVOKE:

Examples

The following statement revokes from UserA any access to any Example I object in the Personnel database:

REVOKE ALL PRIVILEGES ON Personnel FROM UserA ;

The following statement may be used to leave UserA with at least the SELECT privilege on the Department table:

REVOKE ALL BUT SELECT ON Personnel.Department FROM UserA;

The following statement leaves UserA with the SELECT privilege Example 3 on every object in the Personnel database:

REVOKE ALL BUT SELECT ON Personnel FROM UserA ;

Example 2

Teradata RDBMS for UNIX SQL Reference

8-239
Teradata SQL Syntax Guide

REVOKE LOGON

Function

Syntax

REVOKE LOGON

The REVOKE LOGON statement retracts permission to log on to the Teradata RDBMS from one or more specific client systems. It also may be used to change the current system defaults.

This statement can be submitted only by the system administrator or by a user to whom the system administrator has granted the EXECUTE privilege on the DBC.LogonRule macro.

REVOKE LOGON is flagged as non-ANSI, when the SQL flagger is enabled.

REVOKE LOGON

where:

Syntax Element ... Specifies . . .
hostid an integer which identifies a mainframe channel connection or a LAN connection that is currently defined to the Teradata RDBMS by the hardware configuration data. The interface need not be operational. The value for the Teradata RDBMS console is 0 (zero). For any other connector, the hostid is a valued from 1 to 1023.
ALL any source through which a logon is attempted, including the Teradata RDBMS console.
AS DEFAULT that the current default for the specified hostid(s) is to be changed, without residual conditions, as defined in this REVOKE LOGON statement. A statement with AS DEFAULT has no effect on the access revoked from or granted to particular usernames. A statement that sets the default for a specific hostid takes precedence over a statement that sets the default for ALL client systems.

8-240

Teradata RDBMS for UNIX SQL Reference
Teradata SQL Syntax Guide

REVOKE LOGON

Syntax Element ... Specifies . . .
TO keywords introduced to override the current default for the specified
FROM dbname(s) (or username(s)) on the specified hostid(s).
dbname list the name DBC cannot be specified as a dbname (username) in a REVOKE LOGON statement (see Usage Notes). A statement that includes this name returns an error message. The product of the number of hostids times the number of dbnames (usernames) cannot exceed 25.

When the Teradata RDBMS is connected to multiple client systems, the initial default is that logon permission is granted to all users from all hostids, and that all logons must include a password.

• The GRANT LOGON and REVOKE LOGON statements control which users have access from which client system connections.

• A REVOKE LOGON statement inhibits only future logon attempts; it does not affect users who are currently logged on.

When a REVOKE LOGON statement is submitted, the system checks that the requesting user has EXECUTE privilege on the system macro, DBC.LogonRule. However, no checks are made on whether the dbnames or usernames defined in the statement apply to users owned by the requesting user. If the submitted statement cannot be verified because it specifies an invalid dbname (username) or an invalid hostid, no action is taken on the statement.

When a REVOKE LOGON statement is entered for one or more dbnames or usernames, a logon control record is created for each dbname (username)/hostid pair specified. Any existing control record for a particular pair is replaced. The logon control record(s) created for a particular dbname (username) will stay in existence until that user is dropped (see “DROP DATABASE, DROP USER” statement).

New Control Record Created WIth Each REVOKE LOGON

Privileges Required

Default Logon Permissions

Teradata RDBMS for UNIX SQL Reference

8-241
Teradata SQL Syntax Guide

REVOKE LOGON

REVOKE LOGON for DBC Gives an Error

AS DEFAULT

Any attempt to REVOKE LOGON for username DBC will result in an error. If an attempt is made to log on to the Teradata RDBMS with username DBC and the correct password is submitted, the logon is accepted regardless of the current default for the applicable hostid. This prevents any opportunity to lock out all hosts from user DBC.

A statement that includes the AS DEFAULT option has no effect on the logon access granted to or revoked from specific dbnames or usernames. Therefore, a user named in a REVOKE LOGON statement cannot access the applicable client system even if that client system has a default of GRANT, and a user named in a GRANT LOGON statement can always access the applicable client even if that client has a default of REVOKE.

8-242

Teradata RDBMS for UNIX SQL Reference
Previous << 1 .. 173 174 175 176 177 178 < 179 > 180 181 182 183 184 185 .. 241 >> Next