Re: Single schema access -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Is there a way to list out the authority for *public for all schemas?
...

I think this will work:

// Count the number of schema that are *PUBLIC *USE
SELECT count(*)
FROM QSYS2.SYSSCHEMAAUTH
WHERE GRANTEE='PUBLIC'
AND PRIVILEGE_TYPE='USAGE'

and the answer is 511. This leaves about 100 they do not have access to.

// count of all schemas
select count(*)
from qsys2.sysschemas
617

// Count *PUBLIC *EXCLUDE schemas
SELECT COUNT(*)
FROM QSYS2.SYSSCHEMAS
WHERE SYSTEM_SCHEMA_NAME NOT IN(
SELECT SYSTEM_SCHEMA_NAME
FROM QSYS2.SYSSCHEMAAUTH
WHERE GRANTEE='PUBLIC')
= 106

// List of *PUBLIC *EXCLUDE schemas:
SELECT SYSTEM_SCHEMA_NAME
FROM QSYS2.SYSSCHEMAS
WHERE SYSTEM_SCHEMA_NAME NOT IN(
SELECT SYSTEM_SCHEMA_NAME
FROM QSYS2.SYSSCHEMAAUTH
WHERE GRANTEE='PUBLIC')

What I am not seeing is whether or not the user can modify, or just read,
objects within that schema.
Is that the difference between PRIVILEGE_TYPE 'USAGE vs 'CREATEIN'?

*USE authority to a library tells authority checking to use the authority
of the objects within that schema. So they can insert, update, delete
data and tables to tables they have permission to.
CREATEIN (*CHANGE) allows them to create new items within that schema in
addition to USAGE (*USE).

Rob Berendt

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.