Check for SyAuth

I am wondering how to check for authorizations. I see DbAdmAuth in
SysCat.DbAuth to check for DbAdm privileges. Is there a similar way to
check for SysAdm privileges?

Also, SysCat.TabAuth has a GranteeType which can be a user or a group.
The user is stored in the USER special register. How do I find out
what a user's group is?

B.

Dec 6 '06 #1

Brian Tkatch wrote:
> [...]
> Also, SysCat.TabAuth has a GranteeType which can be a user or a group.
> The user is stored in the USER special register. How do I find out
> what a user's group is?

Don't know how to do it in the catalog, but if you are allowed to read
/etc/group you can look it up there.

/Lennart

Dec 6 '06 #2
Brian Tkatch wrote:
> I am wondering how to check for authorizations. I see DbAdmAuth in
> SysCat.DbAuth to check for DbAdm privileges. Is there a similar way to
> check for SysAdm privileges?
>
> Also, SysCat.TabAuth has a GranteeType which can be a user or a group.
> The user is stored in the USER special register. How do I find out
> what a user's group is?

Groups are managed by the security plugin that you are using. If you
haven't installed one yourself, the default is to rely on the underlying OS
for user and group management. That's where you will have to look up which
groups (plural!) a user belongs to.

You could also write a simple table function (UDF) that extracts the group
information for a given user from wherever you store that information.

--
Knut Stolze
DB2 Information Integration Development
IBM Germany
Dec 7 '06 #3

Knut Stolze wrote:
> Brian Tkatch wrote:
>> I am wondering how to check for authorizations. I see DbAdmAuth in
>> SysCat.DbAuth to check for DbAdm privileges. Is there a similar way to
>> check for SysAdm privileges?
>>
>> Also, SysCat.TabAuth has a GranteeType which can be a user or a group.
>> The user is stored in the USER special register. How do I find out
>> what a user's group is?
>
> Groups are managed by the security plugin that you are using. If you
> haven't installed one yourself, the default is to rely on the underlying OS
> for user and group management. That's where you will have to look up which
> groups (plural!) a user belongs to.

Yep. That's how it's set up. We're using the underlying OS.

> You could also write a simple table function (UDF) that extracts the group
> information for a given user from wherever you store that information.

But that would not be standardized. I was hoping to find an "official"
way to do this.

Anyway, thanx for the reply, Knut! I was just writing a script and
wanted to cover all the bases if I could (good habit to get into). But,
this does not seem important enough to me, given the way we have rights
set up (because AFAIK, we do not use groups).

Is SysAdm just root then?

B.

Dec 7 '06 #4
Brian Tkatch wrote:
> Is SysAdm just root then?

No, and it should never be set so. If you have not changed it, it is the
primary group of the DB2 instance owner at time of instance creation. Have
a look at the SYSADM_GROUP parameter of your instance dbm cfg.

--
Knut Stolze
DB2 z/OS Utilities Development
IBM Germany
Dec 7 '06 #5
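
An added example, not code from the thread or from DB2, of the OS-side lookup described above: it resolves every group of a user from `/etc/passwd` and `/etc/group` style data, including the primary group that `/etc/group` member lists leave out, and tests membership in the SYSADM group. The sample records, the user and group names and all function names are constructed; the fallback for an unset SYSADM_GROUP uses the instance owner's current primary group, which is a simplification.

```python
# Constructed sample data in /etc/passwd and /etc/group format (no real host).
PASSWD = """\
db2inst1:x:1001:2001:instance owner:/home/db2inst1:/bin/sh
brian:x:1002:100:report user:/home/brian:/bin/sh
alice:x:1003:100:dba:/home/alice:/bin/sh
"""
GROUP = """\
users:x:100:
db2iadm1:x:2001:alice
reports:x:2002:brian,alice
"""


def _rows(text, width):
    """Yield colon-separated records that have at least `width` fields."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= width:
            yield fields


def primary_gid(user, passwd=PASSWD):
    """GID field of the user's passwd record; KeyError if the user is unknown."""
    for name, _pw, _uid, gid, *_ in _rows(passwd, 4):
        if name == user:
            return gid
    raise KeyError(f"unknown user: {user}")


def groups_of(user, passwd=PASSWD, group=GROUP):
    """All groups of a user: primary (by GID) plus supplementary (by member list)."""
    gid = primary_gid(user, passwd)
    # /etc/group normally does not list a user under the primary group,
    # so matching on the member list alone would miss it.
    return {name for name, _pw, g, members, *_ in _rows(group, 4)
            if g == gid or user in members.split(",")}


def sysadm_group(configured, instance_owner, passwd=PASSWD, group=GROUP):
    """Configured SYSADM_GROUP, or the instance owner's primary group if unset."""
    if configured and configured.strip():
        return configured.strip()
    gid = primary_gid(instance_owner, passwd)
    return next(name for name, _pw, g, *_ in _rows(group, 3) if g == gid)


def holds_sysadm(user, configured, instance_owner, passwd=PASSWD, group=GROUP):
    """True if `user` is in the effective SYSADM group (case-insensitive match)."""
    wanted = sysadm_group(configured, instance_owner, passwd, group).upper()
    return wanted in {g.upper() for g in groups_of(user, passwd, group)}
```
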
Knut Stolze wrote:
> Brian Tkatch wrote:
>> Is SysAdm just root then?
>
> No, and it should never be set so. If you have not changed it, it is the
> primary group of the DB2 instance owner at time of instance creation. Have
> a look at the SYSADM_GROUP parameter of your instance dbm cfg.
>
> --
> Knut Stolze
> DB2 z/OS Utilities Development
> IBM Germany

I am not the DBA, so I didn't set anything. Is there a way any user
(with CONNECT) can check this from within SQL itself?

Again, this isn't that important. I'd just like to know how to do it,
and have it in the script just for completeness.

B.

Dec 7 '06 #6
Brian Tkatch wrote:
> I am not the DBA, so I didn't set anything. Is there a way any user
> (with CONNECT) can check this from within SQL itself?

You can use the function GET_DBM_CONFIG.

SELECT sysadm_group
FROM TABLE ( get_dbm_config() ) AS n
WHERE dbmconfig_type = 1

p.s: You need to be on V8.2.

--
Knut Stolze
DB2 z/OS Utilities Development
IBM Germany
Dec 8 '06 #7
Knut Stolze wrote:
> Brian Tkatch wrote:
>> I am not the DBA, so I didn't set anything. Is there a way any user
>> (with CONNECT) can check this from within SQL itself?
>
> You can use the function GET_DBM_CONFIG.
>
> SELECT sysadm_group
> FROM TABLE ( get_dbm_config() ) AS n
> WHERE dbmconfig_type = 1
>
> p.s: You need to be on V8.2.
>
> --
> Knut Stolze
> DB2 z/OS Utilities Development
> IBM Germany

Unfortunately, we're not on 8.2 (yet, I hope). We're on 8.1.6.

Regardless, thanx. That's what I wanted to see.

B.

Dec 8 '06 #8
