467,199 Members | 970 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,199 developers. It's quick & easy.

DB2 UDB LUW: values current groups?

Once connected, a user has an id and belongs to a number of groups,
this will be used for checking certain classes of SQL requests.

'values current user' will return the user.

How to retrieve the group ids? ('values current groups' fails, not
part of special registers).

Bernard Dhooghe
Nov 12 '05 #1
  • viewed: 1663
Share:
3 Replies
Bernard,

Groups are not controlled by DB2. If there is a way to get that
information through DB2 it would likely be a C-API. But it may be you
need to query your OS.

Cheers
Serge
Nov 12 '05 #2
Serge Rielau <sr*****@ca.eye-bee-em.com> wrote in message news:<41********@news3.prserv.net>...
Bernard,

Groups are not controlled by DB2. If there is a way to get that
information through DB2 it would likely be a C-API. But it may be you
need to query your OS.

Cheers
Serge


Hello Serge,

I understand that users and groups are maintained outside DB2 UDB.

But once connected, who am I when SQL requests will be checked for
privileges?

I can partially know who I am (current user), but the groups I'm in at
that very connection moment will also influence sql access rights.
This makes even more sense with version 8.2 now that group settings
can be controlled by a plug-in.

How will I (or maybe: an auditor) control/validate on front-end side
the back-end id settings for the connection if I can not query the
"current groups" in SQL?
Bernard Dhooghe
Nov 12 '05 #3
Well, authentication is at the os level and authorization is at the db
level.

The information may be somewhere in those catalog tables.
(not all auths will show because of implicit auth may apply in certain
cases.)

COLAUTH SYSCAT
DBAUTH SYSCAT
INDEXAUTH SYSCAT
LIBRARYAUTH SYSCAT
PACKAGEAUTH SYSCAT
PASSTHRUAUTH SYSCAT
ROUTINEAUTH SYSCAT
SCHEMAAUTH SYSCAT
SEQUENCEAUTH SYSCAT
TABAUTH SYSCAT
TBSPACEAUTH SYSCAT
XMLOBJECTAUTH SYSCAT
and
db2 get authorizations and related api's.

I didn't get into gss plugins yet.

I'd have to check whther there is any trace of groups in db2trace's output.

PM

"Bernard Dhooghe" <no***@attglobal.net> a écrit dans le message de
news:25**************************@posting.google.c om...
Once connected, a user has an id and belongs to a number of groups,
this will be used for checking certain classes of SQL requests.

'values current user' will return the user.

How to retrieve the group ids? ('values current groups' fails, not
part of special registers).

Bernard Dhooghe

Nov 12 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Philip Nelson | last post: by
8 posts views Thread by Mark White | last post: by
7 posts views Thread by Lew | last post: by
3 posts views Thread by aj | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.