Granting Default Permissions on System Tables

System tables that you can grant and revoke the default permissions for when you issue the command from any database.

  • sysalternates

  • sysattributes

  • syscolumns

  • syscomments

  • sysconstraints

  • sysdepends

  • sysindexes

  • sysjars

  • syskeys

  • syslogs

  • sysobjects

  • syspartitions

  • sysprocedures

  • sysprotects

  • sysqueryplans

  • sysreferences

  • sysroles

  • syssegments

  • sysstatistics

  • systabstats

  • systhresholds

  • systypes

  • sysusermessages

  • sysusers

  • sysxtypes

The command also makes the following changes:
  • Revokes syscolumns (encrkyid) and syscolumns (encrkydb) permissions from public.

  • Revokes syscolumns (encrkydb) and syscolumns (encrkyid) permissions from public.

  • Revokes sysobjects(audflags) permissions from public

  • Grants permissions for sysobjects to sso_role

  • Revokes select on all columns of sysencryptkeys from public

  • Grants select on all sysencryptkeys columns to sso_role

  • Grants permissions for syscolumns to sso_role

The system tables for which you can grant and revoke the default permissions when you issue the command from the master database are:
  • syscharsets

  • sysconfigures

  • syscurconfigs

  • sysdatabases

  • sysdevices

  • syslanguages

  • syslogins

  • syslocks

  • sysmessages

  • sysprocesses

  • sysremotelogins

  • sysresourcelimits

  • sysservers

  • syssessions

  • systimeranges

  • systransactions

  • sysusages

The command also:
  • Revokes select on sysdatabases(audflags) from public

  • Revokes select on sysdatabases(deftabaud) from public

  • Revokes select on sysdatabases(defvwaud) from public

  • Revokes select on sysdatabases(defpraud) from public

  • Revokes select on sysdatabases(audflags2) from public

  • Grants select on sysdatabases to sso_role

  • Revokes select on syslogins(password) from public

  • Revokes select on syslogins(audflags) from public

  • Revokes select on syslogins(lpid) from public

  • Grants select on syslogins to sso_role

  • Revokes select on syslisteners(net_type) from public

  • Revokes select on syslisteners(address_info) from public

  • Grants select on syslisteners to sso_role

  • Revokes select on syssrvroles(srid) from public

  • Revokes select on syssrvroles(name) from public

  • Revokes select on syssrvroles(password) from public

  • Revokes select on syssrvroles(pwdate) from public

  • Revokes select on syssrvroles(status) from public

  • Revokes select on syssrvroles(logincount) from public

  • Grants select on syssrvroles to public

  • Revokes select on sysloginroles(suid) from public

  • Revokes select on sysloginroles(srid) from public

  • Revokes select on sysloginroles(status) from public

  • Grants select on sysloginroles to sso_role

  • Revokes select on sysinstances(hostname) from public

  • Grants select on sysinstances to sso_role