473,387 Members | 1,548 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > db2 database > questions > newbee - schema concept question

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Newbee - Schema concept question

cmc
I need some clarification to help me understand the DB2 strucure more.
The questions are about "implicit schema"

1. This is a very interest concpet that DB2 let every user to create new
schema (as this is part of the PUBLIC group privilege - if I am not wrong).
From a practical stand point, what is the application of such concept.

2. Suprisingly, if the schema is an implicitly created, everyone else can
create objects in it too. What is the practical use of this feature ? I
would tend to think it should be only used by the owner (also not sure why
implicit schema is owned by SYSIBM).

3. Can we set up some database parameter such that by default only the owner
have a FULL access to the schema ?

Any help is appreciated.
Tom
Nov 12 '05 #1
4 2589
cmc wrote:
I need some clarification to help me understand the DB2 strucure more.
The questions are about "implicit schema"

1. This is a very interest concpet that DB2 let every user to create new
schema (as this is part of the PUBLIC group privilege - if I am not wrong).
From a practical stand point, what is the application of such concept. DB2 gives you essentially two options. One option is that you want to
control schemas tightly. In this case you REVOKE IMPLICIT_SCHEMA on the
database from PUBLIC.
If you don't want to control tighly, then leave it as is.
I woudl think that both options have value depending on the environment
(e.g. development vs production or the size of the shop).
Why the default is to grant IMPLICIT_SCHEMA to PUBLIC after database
creation I can only guess. Often such defaults are borne through legacy
(perhaps coming from SQL/DS or DB2 for zOS). Given that there is a
switch folks rarely bother about it.
2. Suprisingly, if the schema is an implicitly created, everyone else can
create objects in it too. What is the practical use of this feature ? I
would tend to think it should be only used by the owner (also not sure why
implicit schema is owned by SYSIBM). This is the continuation of the default in the first point. If schemata
can be created ad-hoc without much thinking, then why bother to suddenly
control the usage.
Essentially the default is that schemata are just public "directories".
It is the content that needs protecting.
Again, as soon as IMPLCITIC_SCHEMA (as teh master switch) is revoked
this behavior goes away and DB2 ends up with a strict policy of schema
usage.
3. Can we set up some database parameter such that by default only the owner
have a FULL access to the schema ?

REVOKE IMPLICIT_SCHEMA ON <DB> FROM PUBLIC :-)

As an aside: It is important to note that USER and SCHEMA are
orthogonal. E.g. the migration toolkit generates schemata such as ORA8
or SQL7 but there is normally is no ORA8 or SQL7 user on the system.

Cheers
Serge

--
Serge Rielau
DB2 SQL Compiler Development
IBM Toronto Lab
Nov 12 '05 #2
"Serge Rielau" <sr*****@ca.ibm.com> wrote in message
news:3c*************@individual.net...
Why the default is to grant IMPLICIT_SCHEMA to PUBLIC after database
creation I can only guess. Often such defaults are borne through legacy
(perhaps coming from SQL/DS or DB2 for zOS). Given that there is a switch
folks rarely bother about it.


There was no "schema" in DB2 mainframe until well after DB2 for LUW had it,
and it was added later for compatibility. Anyone who has create table
authority can create a table with their auth id as the high level qualifier
(what is now called schema) on DB2 mainframe. So by granting create table to
a user, an implicit schema authority is created on DB2 mainframe.
Nov 12 '05 #3
cmc
Thanks for providing the useful informatin to help me understand the DB2
design.

More questions:
1. How do you grant/assign a schema to a group so that every user in that
group has access to the objects in that schema?
2. When a user, say X, do a schema switch by following (assume it has been
set up to allow access the schema TEST in question 1):
db2> set schema TEST
Does it mean user X is now has complete access to everything of the schema
just like the owner/creater ? Or, you still need to have individual grants
on each object ?

Thanks
Tom

"Serge Rielau" <sr*****@ca.ibm.com> wrote in message
news:3c*************@individual.net...
cmc wrote:
I need some clarification to help me understand the DB2 strucure more.
The questions are about "implicit schema"

1. This is a very interest concpet that DB2 let every user to create new schema (as this is part of the PUBLIC group privilege - if I am not wrong). From a practical stand point, what is the application of such concept.

DB2 gives you essentially two options. One option is that you want to
control schemas tightly. In this case you REVOKE IMPLICIT_SCHEMA on the
database from PUBLIC.
If you don't want to control tighly, then leave it as is.
I woudl think that both options have value depending on the environment
(e.g. development vs production or the size of the shop).
Why the default is to grant IMPLICIT_SCHEMA to PUBLIC after database
creation I can only guess. Often such defaults are borne through legacy
(perhaps coming from SQL/DS or DB2 for zOS). Given that there is a
switch folks rarely bother about it.
2. Suprisingly, if the schema is an implicitly created, everyone else can create objects in it too. What is the practical use of this feature ? I would tend to think it should be only used by the owner (also not sure why implicit schema is owned by SYSIBM).

This is the continuation of the default in the first point. If schemata
can be created ad-hoc without much thinking, then why bother to suddenly
control the usage.
Essentially the default is that schemata are just public "directories".
It is the content that needs protecting.
Again, as soon as IMPLCITIC_SCHEMA (as teh master switch) is revoked
this behavior goes away and DB2 ends up with a strict policy of schema
usage.
3. Can we set up some database parameter such that by default only the owner have a FULL access to the schema ?

REVOKE IMPLICIT_SCHEMA ON <DB> FROM PUBLIC :-)

As an aside: It is important to note that USER and SCHEMA are
orthogonal. E.g. the migration toolkit generates schemata such as ORA8
or SQL7 but there is normally is no ORA8 or SQL7 user on the system.

Cheers
Serge

--
Serge Rielau
DB2 SQL Compiler Development
IBM Toronto Lab

Nov 12 '05 #4
cmc wrote:
1. How do you grant/assign a schema to a group so that every user in that
group has access to the objects in that schema? There is no privilege that gives a user access to all objects in a
schema, existing and future. There is only ALTERIN, CREATEIN and DROPIN
on the schema level.
Having said that DB2 has started to introduce wildcards with the EXECUTE
privilege for routines. GRANTing EXECUTE on myschema.* TO <userorgroup>
will cover all existing routines in that schema.
Whiel it is reasonable to imagine that both the schema level privileges
as well as the wildcard support being expanded upon, today thsi is not
teh case.
2. When a user, say X, do a schema switch by following (assume it has been
set up to allow access the schema TEST in question 1):
db2> set schema TEST
Does it mean user X is now has complete access to everything of the schema
just like the owner/creater ? Or, you still need to have individual grants
on each object ?

That's what I refereed to as USER and SCHEMA being orthoginal.
In a Unix environment USER corresponds to "whoami", while CURRENT SCHEMA
corresonds to "pwd".
SET SCHEMA matched a cd to another directory.
SET SESSION AUTHID matches the "su" command. Naturally SET SESSION
AUTHID is heavily restricted.

Cheers
Serge
--
Serge Rielau
DB2 SQL Compiler Development
IBM Toronto Lab
Nov 12 '05 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
XML schema extension question
by: Antony | last post by:
Hi there, firstly thank you for thinking about this problem of mine. This is a long message because I want to put all the facts (the XML and the schema) to try to get a solution from you helpful...
.NET Framework
1
XML schema validation question
by: Antony | last post by:
Hi there, I have defined an XML schema for some information I am going to import into a database. What I do not know how to do in the schema is to ensure if <numberOfItems> is 6, then there has...
.NET Framework
3
Schema validation question
by: Leonid Shprekher | last post by:
Question to the Schema pro: If nillable="False" is default for Schema element, why schema validation of my XML doesn't fail if I don't provide any value for the tag? Thanks, Leonid.
.NET Framework
3
Concept Question re UDTs in UDFs
by: Rhino | last post by:
I am trying to figure out if a UDF can accept a UDT (User-defined Distinct Type, *not* structured type) as one of its parameters. I'm running DB2 for Linux, Unix, and Windows V8.2 (FP 8) on Windows...
DB2 Database
3
Create Schema functionality question
by: Seamus Thomas Carroll | last post by:
Hi, I am trying to create a schema where the schema name has been defined in another table. My sql looks like: create schema (select agent_schema from agents.agents where agent_id =...
PostgreSQL Database
2
asp.net c# concept question
by: Howard | last post by:
I need to write a web page that outputs a table from database. ( i want to write my own code, don't want to use the built-in control) I came up with two ways of doing this (i use c# 2.0) 1....
C# / C Sharp
2
XmlSchemaCollection and schema imports question
by: Jiho Han | last post by:
I am trying to validate a document against a set of schema and in order to do that, I am using XmlValidatingReader.Schemas.Add to add the schemas. However, since there are dependencies, the...
.NET Framework
5
Basic Schema subdivision question.
by: Grant Robertson | last post by:
I am only just learning about schema basics. I am trying to understand some fundamental principles about what can be specified within a schema. If I define an enumerated list of values for an...
.NET Framework
2
newbee function call question...
by: Mel | last post by:
I have a selection box with 3 values. what i need is to pass 3 urls to a function that has a switch statement and based on the selection index goes on one of the tree urls. Question is how do i...
Javascript
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!