By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,004 Members | 1,253 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,004 IT Pros & Developers. It's quick & easy.

DB2 UDB LUW: values current groups?

P: n/a
Once connected, a user has an id and belongs to a number of groups,
this will be used for checking certain classes of SQL requests.

'values current user' will return the user.

How to retrieve the group ids? ('values current groups' fails, not
part of special registers).

Bernard Dhooghe
Nov 12 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Bernard,

Groups are not controlled by DB2. If there is a way to get that
information through DB2 it would likely be a C-API. But it may be you
need to query your OS.

Cheers
Serge
Nov 12 '05 #2

P: n/a
Serge Rielau <sr*****@ca.eye-bee-em.com> wrote in message news:<41********@news3.prserv.net>...
Bernard,

Groups are not controlled by DB2. If there is a way to get that
information through DB2 it would likely be a C-API. But it may be you
need to query your OS.

Cheers
Serge


Hello Serge,

I understand that users and groups are maintained outside DB2 UDB.

But once connected, who am I when SQL requests will be checked for
privileges?

I can partially know who I am (current user), but the groups I'm in at
that very connection moment will also influence sql access rights.
This makes even more sense with version 8.2 now that group settings
can be controlled by a plug-in.

How will I (or maybe: an auditor) control/validate on front-end side
the back-end id settings for the connection if I can not query the
"current groups" in SQL?
Bernard Dhooghe
Nov 12 '05 #3

P: n/a
Well, authentication is at the os level and authorization is at the db
level.

The information may be somewhere in those catalog tables.
(not all auths will show because of implicit auth may apply in certain
cases.)

COLAUTH SYSCAT
DBAUTH SYSCAT
INDEXAUTH SYSCAT
LIBRARYAUTH SYSCAT
PACKAGEAUTH SYSCAT
PASSTHRUAUTH SYSCAT
ROUTINEAUTH SYSCAT
SCHEMAAUTH SYSCAT
SEQUENCEAUTH SYSCAT
TABAUTH SYSCAT
TBSPACEAUTH SYSCAT
XMLOBJECTAUTH SYSCAT
and
db2 get authorizations and related api's.

I didn't get into gss plugins yet.

I'd have to check whther there is any trace of groups in db2trace's output.

PM

"Bernard Dhooghe" <no***@attglobal.net> a écrit dans le message de
news:25**************************@posting.google.c om...
Once connected, a user has an id and belongs to a number of groups,
this will be used for checking certain classes of SQL requests.

'values current user' will return the user.

How to retrieve the group ids? ('values current groups' fails, not
part of special registers).

Bernard Dhooghe

Nov 12 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.