db2中有些函數名子比較奇觀,是 '=', '<', '>' 等。這些函數由於同名的函數不止一個,可能會導致許可權回收的時候產生一些問題,比如:
db2tst@NODE01:~> db2 "select varchar(FUNCSCHEMA,10) as FUNCSCHEMA, varchar(FUNCNAME,10) as FUNCNAME, varchar(SPECIFICNAME,30) as SPECIFICNAME from syscat.functions where funcname='=' and FUNCSCHEMA='SYSPROC' "
FUNCSCHEMA FUNCNAME SPECIFICNAME
---------- ---------- ------------------------------
SYSPROC = SQL200703111424938
SYSPROC = SQL200703111424947
2 record(s) selected.
db2tst@NODE01:~> db2 "select * from sysibmadm.privileges where objectname in ('SQL200703111424947') and AUTHID='PUBLIC'"
AUTHID AUTHIDTYPE PRIVILEGE GRANTABLE OBJECTNAME OBJECTSCHEMA OBJECTTYPE
----------- ---------- ----------- --------- -------------------- ------------------ ------------------------
PUBLIC G EXECUTE N SQL200703111424947 SYSPROC FUNCTION
2 record(s) selected.
問題是,如何從PUBLIC復原這個函數的執行許可權?
直接 REVOKE EXECUTE ON FUNCTION SYSPROC.'=' FROM PUBLIC 是不行的,會報錯SQL0476N,因為函數名有重複,只是引數不同,所以得指定引數格式。但是我們又不知道如何指定
db2tst@NODE01:~> db2 "REVOKE EXECUTE ON FUNCTION SYSPROC.\"=\" FROM PUBLIC"
DB21034E The command was processed as an SQL statement because it was not a
valid Command Line Processor command. During SQL processing it returned:
SQL0476N Reference to routine "SYSPROC.=" was made without a signature, but
the routine is not unique in its schema. SQLSTATE=42725
這時候可以使用 revoke SPECIFIC FUNCTION,使用它對應的 SPECIFICNAME 來複原:
db2tst@NODE01:~> db2 -v "revoke execute on SPECIFIC FUNCTION SYSPROC.SQL200703111424947 from PUBLIC restrict"
revoke execute on SPECIFIC FUNCTION SYSPROC.SQL200703111424947 from PUBLIC restrict
DB20000I The SQL command completed successfully.