471,089 Members | 1,768 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,089 software developers and data experts.

Group privileges and views

Hello,

Quoting http://publib.boulder.ibm.com/infoce...uw/v9r5/topic/
com.ibm.db2.luw.sql.ref.doc/doc/r0000935.html :

Group privileges are not considered for any table or
view specified in the CREATE VIEW statement.

I discovered this today because a user complained that she couldn't
create a simple view referring to a table to which she had all privileges.

Why does DB2 care if the user or the group has the required SELECT
privilege on the base table?

(Managing access on a per-user basis is really a problem for us, we need
to be able to do it by groups. Otherwise the DBA needs to be involved in
too many tasks, instead of having the help desk handle it through central
group membership administration.)

--
Regards,
Troels Arvin <tr****@arvin.dk>
http://troels.arvin.dk/
Jun 27 '08 #1
1 1523
Troels Arvin wrote:
Hello,

Quoting http://publib.boulder.ibm.com/infoce...uw/v9r5/topic/
com.ibm.db2.luw.sql.ref.doc/doc/r0000935.html :

Group privileges are not considered for any table or
view specified in the CREATE VIEW statement.

I discovered this today because a user complained that she couldn't
create a simple view referring to a table to which she had all privileges.

Why does DB2 care if the user or the group has the required SELECT
privilege on the base table?

(Managing access on a per-user basis is really a problem for us, we need
to be able to do it by groups. Otherwise the DBA needs to be involved in
too many tasks, instead of having the help desk handle it through central
group membership administration.)
The problem is that DB2 is not informed when the definer gets ejected
from an OS GROUP.
DB2 9.5 supports ROLES however. Role membership is managed within DB2
and therefore ROLE membership is considered.

Cheers
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
Jun 27 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.