/* -------------------------------------------------------------*/
/* Check for "orphan" accessright entries, i.e. accessrights that reference */
/* non-existent tables. Orphan access rights will not cause a problem unless you */
/* get so many that they impact the access performance. */
/* -------------------------------------------------------------*/
SELECT count(*) FROM DBC.AccessRights
WHERE TVMID <> '000001000000'xb
AND TVMID NOT IN (SEL TVMId FROM DBC.TVM);
/* -------------------------------------------------------------*/
/* Check for accessrights that reference non-existent databases. */
/* -------------------------------------------------------------*/
SELECT count(*) FROM DBC.AccessRights
WHERE DatabaseId NOT IN (SEL DatabaseId from DBC.DBase);
/* -------------------------------------------------------------*/
/* Check for access rights granted to non-existent users. */
/* -------------------------------------------------------------*/
SELECT count(*) FROM DBC.AccessRights
WHERE UserID NOT IN (SEL DatabaseID FROM DBC.DBase)
AND UserID NOT IN (SEL RoleID from DBC.Roles);
/* -------------------------------------------------------------*/
/* Check for accessrights that extend Reference or Index access at the database */
/* level (this is only valid at the table level). Reference DR 43044 */
/* If these exist it is a security hole. */
/* All must be removed or any subordinate databases will inherit the problem. */
/* -------------------------------------------------------------*/
SELECT count(*) FROM DBC.AccessRights
WHERE AccessRight IN ('IX','RF')
AND Databaseid <> '00'xb
AND TVMId = '000000000000'xb;
/* -------------------------------------------------------------*/
/* Check for accessrights entries that are not properly manipulated by access */
/* logging (see DR 48757) */
/* -------------------------------------------------------------*/
SELECT count(*) FROM DBC.AccessRights WHERE AccessRight = 'RO'
and userid = '00000100'xb AND databaseid = '00000100'xb;
No comments:
Post a Comment