revoking Privilege from One Admin User On Table Owned by Another Admin User

revoking Privilege from One Admin User On Table Owned by Another Admin User

Post by Rahul Babb » Wed, 12 Sep 2007 16:24:23


Hi,

I have two users, both of which are part of db2grp1, which is the
admin user.
db2grp1 has atleast 2 users, user1 and user2.
I create a table in user2, name it table2.
When i try to delete the contents of that table through user1, it does
delete.
I tried various ways like
"Revoke Delete on user2.table2 from user1"
"Revoke Delete on user2.table2 from all"
"Revoke Delete on user2.table2 from public"

but every time it gives the error saying user1 doesn't hold this
privilege, all doesn't hold this priv, public doesn't hold this priv
etc.
But still allows delete from table2.

I suspect it is because user1 is part of the admin group(db2grp1).
Currently, I cannot afford to remove the user1 from db2grp1.

Is there a way, user1 is not allowed to delete on table and not
allowed to drop that table as well.

Basically, i am trying to find out who is mass deleting the data from
the configuration tables and had written a trigger for the same so
that the ip address of the machine.
Is you can tell me any other efficient way to track the guy who is
deleting the records, i will bve grateful.

Also, it was mentioned by Serge, that the changes that you make in the
database are logged.
I couldn't get where are they logged.
I want to find out who deleted all the records from the config tables.

Please help

Thanks

Rahul