The dbo & sde have no "authority" on the feature classes added by users

02-03-2013 11:11 AM
JamalNUMAN
Legendary Contributor
  • I'm wondering how the dbo and sde users have no "authority" on feature classes added by other users. They can't offer privileges on these feature classes!
  • At the same time, I'm not sure at which level a particular user is granted a permission to add a feature class to the SDE geodatabase

For example, let's consider the following scenario:

1. "H1" is the SDE geodatabase (which contains only one feature class) and "Sa" is the administrator

2. "e1" is a user for "H1" while

3. The "e1" copied and pasted the feature class "B"

4. "Sa" has no authority to grant privileges on the "B" feature class

5. Is the "e1" the only one who can grant permission to this layer ("B")?

Thank you

Best

Jamal
----------------------------------------
Jamal Numan
Geomolg Geoportal for Spatial Information
Ramallah, West Bank, Palestine

Accepted Solutions
AsrujitSengupta
Regular Contributor III
Jamal,

To keep it simple,

The Select, Insert, Update, Delete granted at the database level are referred to as "Permissions" and provide the user the permission on all the data in that geodatabase.

Here is an image showing granting permissions to a user in a geodatabase (SQL Server --> Right-Click on the database in SQL Server Management Studio --> Properties):

The Select, Insert, Update, Delete granted at the Data level are referred to as "Privileges" and provide the user the mentioned privileges on that data only. So what we grant from ArcCatalog are basically Privileges on those data.

Regards,

4 Replies
AsrujitSengupta
Regular Contributor III
It's clearly mentioned in all the Webhelps:


  • Only the table owner can alter privileges on it.

  • Only the table owner can drop it or alter its definition; therefore, even if another user has been granted insert, update, and delete privileges on a dataset, that user cannot alter the schema.

  • The dbo and db_owner roles will not appear in the User/Role list for SQL Server databases. These users automatically have full privileges on all data, and you cannot revoke those privileges.


http://resources.arcgis.com/en/help/main/10.1/index.html#/Granting_and_revoking_privileges_on_datase...

Regards,
by Anonymous User
Not applicable
Original User: Jamal432@gmail.com

Many thanks Asrujit for the elaboration. This is very helpful.

It sounds like I had a kind of overlap between concepts

1. Insert/update/delete AT THE LEVEL OF GEODATABASE: in this case the user is given permissions to add/create/delete feature classes to the geodatabase (It is not clear where the user is given this permission)


2. Insert/update/delete AT THE LEVEL OF FEATURE CLASS: in this case the user is given permissions to modify the feature class itself such as updating, deleting or adding features (it is clear where the user is given this permission)

Best

Jamal
by Anonymous User
Not applicable
Original User: Jamal432@gmail.com

This is a very powerful elaboration Asrujit. This is precisely what I wanted to understand. I like the distinction that you have made between privileges and permission and the screenshot. Really very useful.

To summarize:

1. Once a user is ADDED to the SDE geodatabase (from the Catalog of ArcMap) then this user is granted some permissions at the DATABASE LEVEL, mainly connect/create procedure/create table/create view/view definition.


2. Once a user is granted privileges on a FEATURE CLASS LEVEL, then the level of privileges on that particular feature class can be set. In a fully versioned SDE geodatabase, the insert/update/delete are selected automatically TOGETHER if one of them is selected.

Best

Jamal
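
The two levels discussed in this thread can be checked directly in SQL Server's catalog views. The T-SQL below is an added example, not part of any post above and not Esri's own tooling: it lists database-level permissions, table-level grants with their grantor, the owner of each table, and the members of db_owner. The database name H1 is taken from the scenario in the question and is an assumption about the environment.

```sql
-- Added example: audit database-level vs. table-level grants.
USE H1;  -- assumed: database name from the thread's scenario

-- 1. Database-level permissions (class 0 = DATABASE),
--    e.g. CONNECT, CREATE TABLE, CREATE VIEW, VIEW DEFINITION.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0
ORDER BY pr.name, pe.permission_name;

-- 2. Table-level grants (class 1 = OBJECT_OR_COLUMN) and who issued them.
SELECT pr.name AS grantee, s.name AS schema_name, o.name AS table_name,
       pe.permission_name, pe.state_desc, gr.name AS grantor
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
JOIN sys.database_principals AS gr
  ON gr.principal_id = pe.grantor_principal_id
JOIN sys.objects AS o ON o.object_id = pe.major_id
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE pe.class = 1 AND pe.minor_id = 0 AND o.type = 'U'
ORDER BY s.name, o.name, pr.name;

-- 3. Owner of each user table. sys.objects.principal_id is NULL when the
--    table is owned by the owner of its schema, so fall back to the schema.
SELECT s.name AS schema_name, o.name AS table_name,
       USER_NAME(COALESCE(o.principal_id, s.principal_id)) AS owner_name
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE o.type = 'U'
ORDER BY owner_name, s.name, o.name;

-- 4. Members of db_owner: their access comes from role membership,
--    so it does not show up as rows in queries 1 and 2.
SELECT m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner'
ORDER BY m.name;
```

Reviewing query 1 for users who hold database-wide SELECT, INSERT, UPDATE or DELETE is a quick least-privilege check, since those apply to every table in the database rather than to one feature class.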