Sybase ASE DDL_Prevent

Question

My question is about Sybase ASE 15.3 version database.When our database checked by outsource database professionals for securtiy control, they were noted that problem :

"It was noted that DDL_PREVENT trigger control restricting DDL commands in database was not established in your database. Only database administrator accounts and deployment application account (such as TCDEPLOY) should be allowed to execute DDL commands in trigger."

I know "there is DLL_PREVENT mechanism in Oracle Or MSSQL".Is there any method for Sybase? How can i solve this problem?

Thank You

Answer 1

According to Sybase the following are not supported in triggers:

SQL statements that are not allowed in triggers Since triggers execute as part of a transaction, the following statements are not allowed in a trigger:

•All create commands, including create database, create table, create index, create procedure, create default, create rule, create trigger, and create view

•All drop commands

•alter table and alter database

•truncate table

•grant and revoke

•update statistics

•reconfigure

•load database and load transaction

•disk init, disk mirror, disk refit, disk reinit, disk remirror, disk unmirror

•select into

That covers most of your DDL. If there are other commands that you want to restrict, you will likely have to do it through revoking the permssions to users or groups. See Managing User Permissions in the Sybase Administration Guide.

The links are to the Sybase ASE 15.5, not 15.3, but I don't believe there were changes to these areas between these versions.