Community

User in ArcSDE for DB2 can see other user's feature dataset

1790
4
Jump to solution
06-04-2014 01:19 AM
JeffYang
by
New Contributor
‎06-04-2014 01:19 AM
Hi, Everyone:

    I have two users,one is sde, the other is qh, both for test.

    I created a feature dataset using user sde, and imported several featureclass in that dataset.

    When I using user qh connect to ArcSDE in ArcCatlog, I can see the featuredataset of user sde, but I can not see the featureclass in that dataset.

    What we want is: Each user can only see their own data. Is it possible? I use the flowing document to set the user privileges, but it do not mention these.

  http://resources.arcgis.com/en/help/main/10.1/index.html#/User_privileges_for_geodatabases_in_DB2/00...

   Thanks advance.
0 Kudos
1 Solution

Accepted Solutions
VinceAngelo
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎06-04-2014 03:03 AM
While it is against best practice to load any spatial data as the SDE user (SDE should be
reserved for geodatabase administration), the issue here is in the fundamental design
of geodatabases.  Feature datasets do not exist as database objects, and therefore
cannot have permissions granted in such a way as to quickly determine whether a
user has access to them.  They are therefore, by design, listed at all times, and when
"exploded," permission to all the contained objects is tested (and if any are not
visible, then none of them are).

- V

View solution in original post

0 Kudos
4 Replies
EmadAl-Mousa
by
Occasional Contributor III
‎06-04-2014 01:39 AM
Hi Jeff,

you should not create data under "sde" user, you should create (feature classes, datasets,other geodatabase objects,...etc) under a  new schema.

in your case you can use "qh" user.

the schema account will by default see its own data only.

Regards
0 Kudos
VinceAngelo
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎06-04-2014 03:03 AM
While it is against best practice to load any spatial data as the SDE user (SDE should be
reserved for geodatabase administration), the issue here is in the fundamental design
of geodatabases.  Feature datasets do not exist as database objects, and therefore
cannot have permissions granted in such a way as to quickly determine whether a
user has access to them.  They are therefore, by design, listed at all times, and when
"exploded," permission to all the contained objects is tested (and if any are not
visible, then none of them are).

- V
0 Kudos
JeffYang
by
New Contributor
‎06-04-2014 04:31 PM
Thanks,Vangelo. We know now that it is inevitable in DB2.



While it is against best practice to load any spatial data as the SDE user (SDE should be
reserved for geodatabase administration), the issue here is in the fundamental design
of geodatabases.  Feature datasets do not exist as database objects, and therefore
cannot have permissions granted in such a way as to quickly determine whether a
user has access to them.  They are therefore, by design, listed at all times, and when
"exploded," permission to all the contained objects is tested (and if any are not
visible, then none of them are).

- V
0 Kudos
VinceAngelo
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎06-04-2014 05:16 PM
It's inevitable in SQL-Server, Oracle, PostgreSQL, and Informix as well. 
It's just the way geodatabase works.

- V
0 Kudos