GBase 8s回收public权限

默认的情况下,数据库中public(具有库级connect权限的用户自动获取public权限)具有insert,delete,update,select,index权限。若只允许public用户只有select权限,则需要回收权限。

-- (单表)回收all权限,仅授予select权限给public
drop procedure if exists revoke_public_table(varchar);
create procedure revoke_public_table(p_tab varchar(128))
  if p_tab is not null AND p_tab <> '' then
    execute immediate "revoke all on "||p_tab||" from public";
    execute immediate "grant select on "||p_tab||" to public";
  end if;
end procedure;

-- (所有表)循环处理所有表,执行revoke_public_table
drop procedure if exists revoke_public();
create procedure revoke_public()
  define p_tab varchar(128);
  FOREACH select tabname into p_tab from systables where tabid > 99 and tabtype = 'T'
    EXECUTE PROCEDURE revoke_public_table(p_tab);
  END FOREACH;
end procedure;

标签: gbase 8s, revoke, grant, public

添加新评论