Hi All.
Is it possible to define an external stored procedure to be executed
not with the executing user privileges, but instead with the user who
created the stored procedure privileges in db2 version 8.1 on
linux/unix ?
Thanks in advance
Yaron 11 2100 st*******@gmail .com wrote: Hi All. Is it possible to define an external stored procedure to be executed not with the executing user privileges, but instead with the user who created the stored procedure privileges in db2 version 8.1 on linux/unix ?
Yes, if you write the external procedure using *static* SQL, when the
procedure executes it runs (by default) with the authority of the user
that bound the package.
Good luck,
Ian wrote: st*******@gmail .com wrote: Hi All. Is it possible to define an external stored procedure to be executed not with the executing user privileges, but instead with the user who created the stored procedure privileges in db2 version 8.1 on linux/unix ?
Yes, if you write the external procedure using *static* SQL, when the procedure executes it runs (by default) with the authority of the user that bound the package.
Or you using dynamic embedded SQL (C code with packages) and the
DYNAMICRULES BIND option when binding the package.
--
Knut Stolze
DB2 Information Integration Development
IBM Germany
Ian wrote: st*******@gmail .com wrote: Hi All. Is it possible to define an external stored procedure to be executed not with the executing user privileges, but instead with the user who created the stored procedure privileges in db2 version 8.1 on linux/unix ?
Yes, if you write the external procedure using *static* SQL, when the procedure executes it runs (by default) with the authority of the user that bound the package.
Good luck,
Thanks Ian
My UDF takes snapshots and prioritize transactions using IBM C++ API.
I tried to implement your suggestion by wrapping it with another UDF in
C++ that calls it via SQL statement ("select myUDF from
sysibm.sysdummy 1") but even though I don't get any error message, the
original UDF does not work for a user without privileges (meaning
calling the wrapper with privileged user works; calling the wrapper
from simple user does not work).
is there another way to override this privileges issue ? st*******@gmail .com wrote: My UDF takes snapshots and prioritize transactions using IBM C++ API.
You are aware that there are some snapshot table functions already provided
by DB2? Maybe you could simply use those functions and a little bit of SQL
to achieve the same results.
I tried to implement your suggestion by wrapping it with another UDF in C++ that calls it via SQL statement ("select myUDF from sysibm.sysdummy 1") but even though I don't get any error message, the original UDF does not work for a user without privileges (meaning calling the wrapper with privileged user works; calling the wrapper from simple user does not work).
is there another way to override this privileges issue ?
You might want to have a look at the registry variable DB2_SNAPSHOT_NO AUTH.
--
Knut Stolze
DB2 Information Integration Development
IBM Germany
Thanks for your reply Knut.
I'm familiar with the snapshot table functions, but I didn't managed to
bypass the privileges needed to prioritize connections. The API I use
(sqlesapr_api() function in version 8.2 and db2Priority in version 8.1)
seems to need a DBA authority. st*******@gmail .com wrote: Thanks for your reply Knut.
I'm familiar with the snapshot table functions, but I didn't managed to bypass the privileges needed to prioritize connections. The API I use (sqlesapr_api() function in version 8.2 and db2Priority in version 8.1) seems to need a DBA authority.
Then you should indeed have a look at the NOAUTH registry variable that I
mentioned.
--
Knut Stolze
DB2 Information Integration Development
IBM Germany
I'm not sure I understood you.
The value of DB2_SNAPSHOT_NO AUTH is set to ON, and I restared the
instance.
The UDF is now able to take snapshots, but the invocation of
sqlesapr_api() still fails on privileges (from a privileged user it
works well).
maybe there is anther "NOAUTH varible" beside DB2_SNAPSHOT_NO AUTH?
Hello Yaron;
I know that this doesn't address your problem directly, but wanted to
be sure you were aware of a couple of upcoming developments in 8.2 and
9.x. I too was putting a fair amount of effort into wrapping the admin
api with external routines, procs and table functions, but ran into all
kinds of security-related issues.
When I learned that there is an effort underway to suface virtually all
command line functions via the Admin_Cmd stored proc, I abandoned my
efforts for all but the most critical. There is a list somewhere on
developer works enumerating the commands available in 8.2 and those
slated for v9. Hope you find this useful.
Pete H st*******@gmail .com wrote: I'm not sure I understood you.
The value of DB2_SNAPSHOT_NO AUTH is set to ON, and I restared the instance.
The UDF is now able to take snapshots, but the invocation of sqlesapr_api() still fails on privileges (from a privileged user it works well).
maybe there is anther "NOAUTH varible" beside DB2_SNAPSHOT_NO AUTH?
I know that the registry variable applies to the table functions. I cannot
say if it is evaluated by the API as well.
--
Knut Stolze
DB2 Information Integration Development
IBM Germany This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: chandan |
last post by:
hi,
I have a insert trigger on a table. I want commit to happen after
insert before invoking the trigger. So that if a quey is made before
the completion of the trigger.Modified Data should be visible.
Let me explain the why i want this.
The triger calls a java stored procedure which invokes an external
ejbclient which calls the ejb. The ejb queries the database for the
modified changes but it is getting old data since commit happens...
|
by: Ted Sung |
last post by:
Hi,
I'm using P/Invoke to call a C function from a DLL in my C# class.
My C function is this
char * icmo_version_chk( const char *version )
I've tested both these declarations and both work.
public static extern IntPtr icmo_version_chk(
|
by: Karl O. Pinc |
last post by:
Hi,
Thought perhaps some other eyes than mine can tell if I'm doing
something wrong here or if there's a bug somewhere. I've never
passed a ROWTYPE varaible to a function but I don't see where
the problem is.
I keep getting errors like (the first is my debug output):
NOTICE: last cycle is: 11
WARNING: Error occurred while executing PL/pgSQL function
|
by: Marvin McNett |
last post by:
How do I go about ensuring that data is only added to a table through a
function? I've tried granting execute persission on the function which
inserts data, but can't get it to work unless the user also has insert
permission on the table. I don't want the user to be able to
arbitrarily insert data.
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend
|
by: Dennis Gearon |
last post by:
I'd like to get people's feelings about the topic.
At one extreme is to use table locking and external language queries to
even do referential integerity - a la Old (present?) MySQL/PHP.
A more realistic low end is to use Postgres or something more towards
heavy iron (if necessary) and use referential integrity, data integrity,
check cababilities.
At the other end is to only allow access to normal operation of the
database via...
| |
by: Marty Scholes |
last post by:
I may have found a bug.
I have a table:
CREATE TABLE onlpcd_stat
(
sel BIGSERIAL PRIMARY KEY,
user_id INTEGER NOT NULL REFERENCES onlpcd_user ON DELETE CASCADE,
vars TEXT, /* string of Perl var hash */
cre_ts TIMESTAMP DEFAULT NOW()
|
by: val |
last post by:
Hi all;
Is it possible to write a trigger or the ilk that would disallow
direct inserts, updates, or deletes to a table unless it was
being executed through a function? How can I identify that the
DML being issued is being done via a function?
We are writing an API of sorts and for various business logic
aspects, it is necessary that certain checks and sets of data
are processed through the database in a certain method. The use
|
by: Haxan |
last post by:
Hi,
I have an unmanaged application that converts a function pointer to a
delegate and then pass this as a parameter(delegate) to a managed function
which then invokes it. Currently Im able to jump to this unmanaged function,
but the values of the parameters inside this function Im seeing are not
correct(they have some garbage values).
//unmanaged class (C++ application)
|
by: f rom |
last post by:
----- Forwarded Message ----
From: Josiah Carlson <jcarlson@uci.edu>
To: f rom <etaoinbe@yahoo.com>; wxpython-users@lists.wxwidgets.org
Sent: Monday, December 4, 2006 10:03:28 PM
Subject: Re: 1>make_buildinfo.obj : error LNK2019: unresolved external symbol __imp__RegQueryValueExA@24 referenced in function _make_buildinfo2
Ask on python-list@python.org .
- Josiah
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |