User in ArcSDE for DB2 can see other user's feature dataset

1630
4
Jump to solution
06-04-2014 01:19 AM
JeffYang
New Contributor
Hi, Everyone:

    I have two users,one is sde, the other is qh, both for test.

    I created a feature dataset using user sde, and imported several featureclass in that dataset.

    When I using user qh connect to ArcSDE in ArcCatlog, I can see the featuredataset of user sde, but I can not see the featureclass in that dataset.

    What we want is: Each user can only see their own data. Is it possible? I use the flowing document to set the user privileges, but it do not mention these.

  http://resources.arcgis.com/en/help/main/10.1/index.html#/User_privileges_for_geodatabases_in_DB2/00...

   Thanks advance.
0 Kudos
1 Solution

Accepted Solutions
VinceAngelo
Esri Esteemed Contributor
While it is against best practice to load any spatial data as the SDE user (SDE should be
reserved for geodatabase administration), the issue here is in the fundamental design
of geodatabases.  Feature datasets do not exist as database objects, and therefore
cannot have permissions granted in such a way as to quickly determine whether a
user has access to them.  They are therefore, by design, listed at all times, and when
"exploded," permission to all the contained objects is tested (and if any are not
visible, then none of them are).

- V

View solution in original post

0 Kudos
4 Replies
EmadAl-Mousa
Occasional Contributor III
Hi Jeff,

you should not create data under "sde" user, you should create (feature classes, datasets,other geodatabase objects,...etc) under a  new schema.

in your case you can use "qh" user.

the schema account will by default see its own data only.

Regards
0 Kudos
VinceAngelo
Esri Esteemed Contributor
While it is against best practice to load any spatial data as the SDE user (SDE should be
reserved for geodatabase administration), the issue here is in the fundamental design
of geodatabases.  Feature datasets do not exist as database objects, and therefore
cannot have permissions granted in such a way as to quickly determine whether a
user has access to them.  They are therefore, by design, listed at all times, and when
"exploded," permission to all the contained objects is tested (and if any are not
visible, then none of them are).

- V
0 Kudos
JeffYang
New Contributor
Thanks,Vangelo. We know now that it is inevitable in DB2.



While it is against best practice to load any spatial data as the SDE user (SDE should be
reserved for geodatabase administration), the issue here is in the fundamental design
of geodatabases.  Feature datasets do not exist as database objects, and therefore
cannot have permissions granted in such a way as to quickly determine whether a
user has access to them.  They are therefore, by design, listed at all times, and when
"exploded," permission to all the contained objects is tested (and if any are not
visible, then none of them are).

- V
0 Kudos
VinceAngelo
Esri Esteemed Contributor
It's inevitable in SQL-Server, Oracle, PostgreSQL, and Informix as well. 
It's just the way geodatabase works.

- V
0 Kudos