Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: tough choices
Larry apparently said,on my timestamp of 24/06/2004 1:59 AM:
> Yes ... priviledges can be granted via SQL Grant and Revoke to groups
> ... and it works for tables, views, indexes, packages, UDFs, Stored
> Procs, etc.
Indexes? I think you are overstating the features right there... :) Or perhaps you are quoting a feature that only exists in the mainframe version?
Good. So how do you map that to a user that was verified externally? Say for example I login as "BLOGGSJ", which the external security attached to group "OZZIE"? Do I have to have "OZZIE" defined BOTH in DB2 AND the external security?
Better yet: can I login to the external security AND the database as a member of group "USERS", get a SP to check who I am and what I want to do and then give my logon the db group "OZZIE" and its rights according to the contents of a config table?
And another point: can you associate group security by GRANT across schemas? As in granting a given set of tables from schema A AND schema B to a single group "OZZIE"?
Because I'll tell you what: I had a copy of DB2 UDB in my PC for most of last year and for the life of me I could not find out how to do it... Then again: please stay within the only version of DB2 that deserves the name of UDB, OK? I don't give two hoots what DB2/zos or DB2/AS400 does or will do in version 32.
-- Cheers Nuno Souto wizofoz2k_at_yahoo.com.au.nospamReceived on Wed Jun 23 2004 - 11:44:59 CDT