Document #: US-38901,EN
------------------------------------------------------------------------------

Major subject: analysis    Minor subjects: tech_notes

Keywords: dba_guide

Abstract:
The "Changing Ownership of Databases and Database Objects" 
chapter of the INGRES Database Administrator's Guide. Equivalent 
to Release 6 Technical Notes #18 and #20, or Release 5 notes 
#18, #19, #24.


Expert note:
Changing Ownership of Databases and Database Objects
====================================================


                              
Overview
--------
It is sometimes necessary to change the ownership of a
database or user object, or to move it to a different
database. This chapter gives procedures for changing the
ownership of databases and user objects.

o	What is Ownership?
o	Objects Whose Ownership Can Be Changed
o	Changing Ownership of a Database Object
o	Changing Ownership of a Table
o	Changing Ownership of a Form
o	Changing Ownership of a Report
o	Changing Ownership of a Graph
o	Changing Ownership of a Database




What is Ownership?
------------------
INGRES supports an ownership scheme for databases, the
individual tables that make up the database, and related
user objects. User objects include forms, reports, and
graphs.

The hierarchy of ownership involves three different user
classes: the INGRES superuser, the DBA, and the end user.
Each class entails a different set of ownership privileges,
discussed in the INGRES Database Administrator's Guide. Two
important rules are that objects cannot be shared:

   o Among users unless the objects are owned by the DBA

   o Between databases

User objects created by the DBA can be used by anyone who
has access to the database. Objects created by anyone other
than the DBA are considered private. (ABF applications and
the objects they contain are an exception, in that they are
always globally accessible.) To make a private object
accessible to anyone other than its creator, the ownership
of the object must be transferred to the DBA.



Objects Whose Ownership Can Be Changed
--------------------------------------
This chapter describes changing the ownership of the
following user objects:

   o Tables -- ownership of a table in a database, created
     through the tables utility, the terminal monitor, or an
     embedded query language program.

   o Forms -- ownership of a form, created through VIFRED

   o Reports -- ownership of a report, created through RBF
     or Report-Writer

   o Graphs -- ownership of a graph, created through VIGRAPH

   o Databases -- ownership of a database in its entirety

These procedures do not include changing ownership of
database procedures.




Changing Ownership of a Database Object
---------------------------------------
When changing ownership of an object, you use an appropriate
copy variation ('copydb', 'copyform', 'copyrep',
'copygraph') twice, to:

   o Copy out the object from the database into an
     intermediate file

   o Copy in the object under new ownership

The copy varies according to the database object. These
variations are described in the individual sections below.

Here is the procedure for changing ownership of an object:

1.   Take the following preparatory steps:

     Make certain that there is a current backup of the
     database.
     
     Insure that the new user does not already own a similar
     object with the same name as that of the object whose
     ownership you wish to change. In that case, the
     existing duplicate object MUST be destroyed before
     proceeding.
     
                          Caution

          If you fail to do this, the new object, owned by
          the new user, will not be successfully created,
          and you may potentially corrupt the existing
          object with unwanted data.

2.   Log in as the DBA of the database (or a superuser).

3.   Use the relevant copy ('copydb', 'copyform, 'copyrep,
     'copygraph') command to copy the object out of the
     database into an intermediate file.

4.   Then, using the copy ('copydb', 'copyform, 'copyrep',
     'copygraph') command in input mode, copy the
     intermediate file back into the database using the '-u'
     flag to specify a different owner. An INGRES superuser
     or the DBA of the database may use this flag.

5.   There will now be two copies of the object in the
     database, one owned by the original owner and one owned
     by the new owner. To remove the original object, the
     DBA or superuser logs into the applicable user
     interface as the original owner (by using the '-u'
     flag) and deletes the original object.

The different copy versions command required for specific
user objects are discussed in the sections below.





Changing Ownership of a Table
-----------------------------

Because only tables owned by the DBA can be accessed by
others, it is often necessary to transfer ownership of a
private table to the DBA. While the usual purpose is
changing from private ownership to public access, the
procedure can be used to change ownership of a table from
any current owner to any new owner.




Using Copydb, Copy.out and Copy.in
- - - - - - - - - - - - - - - - - -

For changing ownership of a table, you give three commands:

First you use a 'copydb' command to create two executable
scripts, 'copy.out' and 'copy.in'. A minimal form of the
'copydb' command for this purpose is:

     copydb -u  

You use an 'sql' command in the following format to execute
the 'copy.out' script. This command copies the table from
the database, with the current ownership, into an
intermediate binary file in your current directory:

     sql -u    ]  
           
 {}

The syntax to copy forms back in is:

     copyform -i [-s] [-u] [-r] 
          

For a complete description of the flags and parameters for
this command, see your query language reference manual.




Form Example
- - - - - - -

Assume a user "user1" wants to make "form1" and "form2"
available for general use in the database "dbname". The
DBA's login is "dba" and "forms.txt" is selected as the
intermediate file name. The following commands change
ownership of the forms from "user1" to "dba":

     $ copyform -uuser1 dbname forms.txt form1 form2
     $ copyform -i -udba dbname forms.txt

At this point there are two versions of the form, one owned
by "user1" and one owned by "dba". In the usual case,
"user1"'s version is no longer needed, and you can remove
the old form by entering VIFRED (using the '-uuser1' flag if
you are the DBA) and deleting the form.




Changing Ownership of a Report
------------------------------
Ownership of reports can be changed using 'copyrep' and
'sreport'.




Copyrep and Sreport Syntax
- - - - - - - - - - - - - -

The syntax of the 'copyrep' command to copy reports out is:

     copyrep [-s] [-u] [-f] ["-G"]
           .rw  {}

The syntax of the 'sreport' command to copy reports back in
is:

     sreport [-s] [-u] ["-G"]
           

For a complete description of the flags and parameters for
'copyrep' and 'sreport', see the INGRES/REPORTS: Report-
Writer Reference Manual. These commands are also given in
your query language reference manual.




Report Example
- - - - - - - -

Assume a user "user1" wants to make "report1" and "report2"
available for general use in the database "dbname". The
DBA's login is "dba" and "textfile.rw" is selected as the
intermediate file name. The following commands change
ownership of the forms from "user1" to "dba":

     $ copyrep -uuser1 -f dbname textfile.rw report1 report2
     $ sreport -udba dbname textfile.rw

At this point there are two versions of the reports, those
owned by "user1" and those owned by "dba". In the usual
case, "user1"'s versions are no longer needed, and you can
remove the old reports by entering RBF (using the '-uuser1'
flag if you are the DBA) and deleting the reports.






Changing Ownership of a Graph
-----------------------------
Because only graphs owned by the DBA can be accessed by
others, it is sometimes necessary to transfer ownership of a
graph.

The 'copygraph' command can be used to change ownership of a
graph.




Copygraph Syntax
- - - - - - - - -

The syntax of the 'copygraph' command to copy graphs out is:

     copygraph out [-u] [-f] 
          

This command copies the form from the database, with the
current ownership, into the default file "iicopygr.tmp".

The syntax to copy graphs back in is:

     copygraph in [-u] [-r] [-f]
           []

For a complete description of the flags and parameters for
this command, see your query language reference manual.




Graph Example
- - - - - - -

Assume a user "user1" wants to make "graph1" available for
general use in the database "dbname". The DBA's login is
"dba". The following commands change ownership of the graph
from "user1" to "dba":

     $ copygraph out -uuser1 dbname graph1
     $ copygraph in -udba -r dbname

The 'copygraph in' command copies the graph back into the
database with the new ownership established. Since the '-r'
flag was given, the new graph will replace any previous
graph by the same name owned by "dba". If you need to retain
a copy of the old graph owned by "dba", you will need to
rename the graph, omitting the '-r 'flag. At this point
there are two versions of the graph, one owned by "user1"
and one owned by "dba". If "user1"'s version is no longer
needed, you can remove the old graph by entering VIGRAPH
(using the '-uuser1' flag if you are the DBA) and deleting
the graph.





Changing Ownership of a Database
--------------------------------
It is sometimes necessary to change the ownership of a
database. This might be required, for example, when a
database moves from development to production, or when the
current DBA moves to a different project.

Following are initial requirements for using this method.
You must have permission to use the:

   o  '-u' flag to impersonate other users

   o  "+U" flag to update system catalogs

The INGRES System Administrator can grant permission to use
these flags through the 'accessdb' program.

Here is the step-by-step procedure. In the command formats
the following general parameters are shown:

          user_old            current owner
          user_new            new owner
          dba                 login of the DBA
          dbname              name of the database

1.   Make certain that there is a current backup of the
     database, preferably an INGRES checkpoint. If there is
     a problem in changing ownership, you may need to
     restore the original database.

2.   Log in as the CURRENT DBA of the database.

3.   Create a temporary working directory since the next few
     steps will create a number of files. Move to that
     directory. Be certain that the temporary directory is
     NOT in the path pointed to by the INGRES environment
     variable ING_ABFDIR or you will lose your unloaded
     files during destroydb'.

4.   Create the unload script with the following command:
     
          $ unloaddb 

                            Note

          If you are also moving the database to a machine
          with a different processor you should unload the
          database with the '-c' flag (unloaddb -c
          ). This produces data files in a portable,
          ASCII format. You may control which query language
          the scripts use with the '-lquery_language' flag.
     
     For example, if you want to use SQL scripts type:
     
          $ unloaddb database_name -lsql

     If you do not use the '-l' flag, scripts will be
     produced in the default query language for your
     installation.
     
     This command will create two script files, 'unload.ing'
     and 'reload.ing'.
     
5.   Unload the database by executing the 'unload.ing'
     script:
     
 	UNIX: $ unload.ing
 	VMS:  $ @unload.ing

6.   Change permissions so the new DBA will be able to work
     with these files:
     
	UNIX ONLY: $ chmod 744 *

7.   Destroy the database with the 'destroydb' command:
     
          $ destroydb 

8.   Log in as the NEW DBA.

9.   Create a fresh database with the correct (new DBA)
     ownership.
     
          $ createdb 

10.  Log in as your installation's INGRES superuser (usually
     'ingres') and go to the directory containing the
     'reload.ing' script.

11.  Edit the 'reload.ing' script. It contains a line for
     each user who owns objects (tables, indexes or views).
     In this example:

        o The user "user_old" is the present DBA.

        o The user "user_new" is the new DBA to whom
          ownership of the database is being transferred.

        o The users "user2_old" and "user3_old" are owners
          of additional user objects in the database.

     Change those lines that reload objects with the user
     flag -u'user_old' so that they will load with the user
     flag of the new user; i.e., change -u'user_old' to -
     u'user_new'. Likewise you can take ownership of the
     user objects of any or all users by changing each user
     line so that it loads with the -u'user_new' user flag.
     In this example user "user_new" takes ownership of all
     user objects, including those previously owned by
     "user2_old" and "user3_old".
     
                          Caution

          The user flag for user '$ingres' should NEVER be
          changed. '$ingres' is a special user_id that is
          used internally for the INGRES system catalogs.




UNIX: 'reload.ing' (before editing)
	
	sql -s -f4F79.38 -f8F79.38 -u'user_old' projectdb\
	     < /tmp/workdir/user_old.in
	sql -s -f4F79.38 -f8F79.38 -u'user2_old' projectdb\
	     < /tmp/workdir/user2_old.in
	sql -s -f4F79.38 -f8F79.38 -u'user3_old' projectdb\
	     < /tmp/workdir/user3_old.in
	sql -s -f4F79.38 -f8F79.38 -u'$ingres' +U projectdb\
	     < /tmp/workdir/ingres.in
	
	
VMS: 'reload.ing' (before editing)
	
	sql -s -f4F79.38 -f8F79.38 -u'user_old' projectdb
	     

14.  At this point all objects (tables, indexes and views)
     are owned by the new DBA ("user_new"); however, user
     objects (forms, reports, ABF applications, etc.) need
     special attention to make them accessible to everyone,
     since they are still owned by their old owners. This
     step describes how to update the "ii_objects" catalog
     to change ownership of these objects to the new DBA.

     a. First, check to make sure that the new DBA does not
          already own any objects (forms, reports, etc.)
          with names identical to those you are about to
          reassign. This would result in two identically-
          named objects for the same owner and the original
          would merely be overwritten and destroyed. Run the
          following queries to find duplicates:
     
            Find Duplicates Queries
          
              find - old
                select object_id, object_owner
                  from ii_objects
                    where object_owner = 'user_old';
              find - new
                select object_id, object_owner
                  from ii_objects
                    where object_owner = 'user_new';

     b. Compare the objects list for the new DBA with the
          list for other users. If duplicates are found they
          must be eliminated by deleting or copying and
          renaming the objects.
     
     c. After you have copied and renamed or destroyed any
          duplicates, rerun the queries to ensure that there
          are no longer any duplicate objects.
     
15.  Now invoke the terminal monitor with the '+U' flag and
     transfer ownership of existing user objects by
     executing the following query:

          sql +U 
     
     Then from inside the terminal monitor:
     
          update ii_objects set object_owner = 'user_new'
               where object_owner = 'user_old';
     
16.  Test the database and remove the temporary working
     directory and the associated work files.

You have changed ownership of your database.



Releases affected:  6.4/00(all.all) -   Releases not affected: 
Errors:                                                             
Bugs/SIRS:                                                             
------------------------------------------------------------------------------

Ingres Database Reference

To William's Home Page

© William Yuan 2000

Email William