Granting privileges to layers
Posted
Friday, December 28, 2007 1:47 PM
by
ysa
In our project, we have two users in the database : applicative user and strong user. The strong user is the owner of all the objects (tables,layers,sequences, etc...) and the applicative user has only limited privileges for the object in the strong user.
When creating a new database table, you only have to run the grant SQL command on the table to give the access privileges to the app user. When creating a new layer, you just can't only give privileges to the table which represents the layer, because when creating a layer, the features are held in several tables (s,f,a,d tables). It's a bit difficult to use the grant command for each of these tables.
So, in order to grant privileges to a layer you can :
- Use ArcCatalog built in command : Right click on the layer in ArcCatalog -> Privileges -> Select the privileges and enter the user to which you want to grant the privileges -> OK.
- Use the 'Change Privileges' tool in the ArcCatalog toolbox.
- Use the sdelayer command : From the command line in your SDE server use the following command :
sdelayer -o {grant | revoke}
-l <table,spatial column name>
-U <user>
-A <SELECT,UPDATE,INSERT,DELETE>
[-i <service]
[-s <server_name]
[-D <database]
-u <DB_User_name>
[-p <DB_User_password>]
For example : suppose we have a layer names streets_g. In order to grant select privileges to our app user we will use this command :
sdelayer -o grant -l streets_g,shape -U appUser -A SELECT -u strongUser -p password.
All the above options are good. For installations I recommend to create a script which contains the sdelayer command for each of the layers in your database, or creating a model using the ArcCatalog toolbox does the same thing , but uses the toolbox 'Change Privileges' tool.