Group PUBLIC
You cannot drop the group PUBLIC.
Implicitly Revoking Privileges
When you drop a group, you automatically revoke all privileges that have been granted to the group. Thus, a user who was in the dropped group no longer holds privileges received as a result of membership in the group.
Issuing DROP GROUP Before and After SDEL Execution
The first time you issue a DROP GROUP statement for a group identifier, the identifier is flagged for logical deletion. To delete all privileges associated with each logically deleted group, you execute the SDEL task in each system of the domain and against each dictionary in the system that contains security definitions. (The system dictionary and each application dictionary with an SQL catalog component contain security definitions.) Then you reissue the DROP GROUP statement to physically delete the group from the user catalog.
Note: If the SDEL task has been defined as an autotask and is invoked at startup, all dictionaries are processed if a logically deleted group is found. If SDEL is invoked manually, each dictionary must be processed separately.
For more information about the SDEL task, see the CA IDMS System Tasks and Operator Commands Guide.
If you physically delete a group before running SDEL on all systems, follow the following steps:
The following DROP GROUP statement drops the definition of the corp_admin group and implicitly revokes all privileges that have been granted to the group:
drop group corp_admin;
|
Copyright © 2014 CA.
All rights reserved.
|
|