Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Two databases, remote synonyms and granting select (read-only) permissions

436 views
Skip to first unread message

MADS

unread,
Aug 24, 2009, 9:12:41 PM8/24/09
to
Hi everybody!

We have an IDS 10 production database with hundreds of tables.

We created a new database for a read-only web application.

We created synonyms in the new database, pointing to the production
database, for the few tables that will be used in the web application.

And, we want to grant only select permissions to those synonyms for a
new "readonly" user.

We tried to grant select permissions to the synonym, and got:

556: Cannot create, drop, or modify an object that is external to
current database.

So we the granted the select permissions for the user in the original
tables, but no connect permission to the original database.

The problem is that when the user accesses the tables, he gets:

387: No connect permission.
111: ISAM error: no record found.

We don't want the user to connect to the productive database...

So, any ideas?

Superboer

unread,
Aug 25, 2009, 3:28:00 AM8/25/09
to

i guess the user needs to be able to logon.....
if that is not wanted you could set up ER or something or set up HDR
and have them connect to the readonly
secondary or???

Superboer.

Ian Michael Gumby

unread,
Aug 25, 2009, 8:33:20 AM8/25/09
to super...@t-online.de, inform...@iiug.org
Very quickly.

If you want to use a synonym, you're going to have to create connect permissions.
You're also going to have a *bit* of overhead and delays from using a remote database via a synonym. Meaning that performance will vary based on hardware, networking... and it may not be a good idea. (Assuming the database is on a different machine. If on the same machine, again performance will vary.)

If you want, create a *special* user for the web app, and only grant connect and select privileges for the web app? This accomplishes the same thing without having the additional overhead.

If you *need* to create a separate *read only* database, then ER/HDR would be the better way to go.

So if you're using the 'cheap'(er)* version of IDS that doesn't offer ER/HDR, then create the second database, grant connect and select permissions to the web app, and then do the same for your main database. I'd put the database on a different server because of the overhead. You don't say anything about your network or options, but if you can afford a high speed network card (2 of them), put one each in the database servers, create your own 10.x.x.x network segment, and use that only for database to database connection.
(1GB cards are common enough these days). This might reduce your overhead.

If you've got one of those 2 socket 8 core 5500 series Xeon chips, then split the box to two virtual servers and then you'd have less issues with the overhead.

The interesting thing is that you could subnet your databases and your external web server so that it can only see your secondary server. There are lots of ways to slice and dice this given enough of a budget. ;-)

* Note: Workgroup vs Enterprise. Workgroup is *much* cheaper if you can live within its limitations. (Many can!)

But hey!
What do I know? I still think that hydrencephali is a precursor to becoming an exec within IBM.
This would explain IBM's love affair with polysorbate 80.
(Hint: You can google the terms, but if you have to, then you don't know your underground comics from the 70's .)

-G
> _______________________________________________
> Informix-list mailing list
> Inform...@iiug.org
> http://www.iiug.org/mailman/listinfo/informix-list

Windows Live: Make it easier for your friends to see what you’re up to on Facebook. Find out more.

MADS

unread,
Aug 25, 2009, 2:30:04 PM8/25/09
to
Bummer! Both databases are in the same server...

I'll investigate to try to replicate only the few tables needed with
(sorry for the SQL Server slang, it the only db that I've replicated)
standard transactional replication (meaning the subscribers updates
won't replicate to the server).

Thank you all for your advice!

Manuel Daponte

> > Informix-l...@iiug.org
> >http://www.iiug.org/mailman/listinfo/informix-list
>
> _________________________________________________________________
> Windows Live: Make it easier for your friends to see what you’re up to on Facebook.http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLM...- Hide quoted text -
>
> - Show quoted text -

MADS

unread,
Aug 25, 2009, 2:31:35 PM8/25/09
to
Ian, is it Zippy?

In Spain he was "Zippy Cocopera"...

On Aug 25, 8:33 am, Ian Michael Gumby <im_gu...@hotmail.com> wrote:

Ian Michael Gumby

unread,
Aug 25, 2009, 3:00:38 PM8/25/09
to mdap...@gmail.com, inform...@iiug.org


> From: mdap...@gmail.com
> Subject: Re: Two databases, remote synonyms and granting select (read-only) permissions
> Date: Tue, 25 Aug 2009 11:31:35 -0700
> To: inform...@iiug.org
>
> Ian, is it Zippy?
>
> In Spain he was "Zippy Cocopera"...
>
[SNIP]

> > But hey!
> > What do I know? I still think that hydrencephali is a precursor to becoming an exec within IBM.
> > This would explain IBM's love affair with polysorbate 80.
> > (Hint: You can google the terms, but if you have to, then you don't know your underground comics from the 70's .)
> >


Why yes it is!

Zippy in any language is still a pinhead!

Based on what IBM is currently doing, one has to give serious credence that all IBM execs have to be pinheads or just don't care about what the company will be left with in a couple of years.

Its definitely not your father's IBM.



With Windows Live, you can organize, edit, and share your photos. Click here.
0 new messages