Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: tough choices

Re: tough choices

From: Larry <Larry_at_nospam.net>
Date: Wed, 23 Jun 2004 22:04:39 -0400
Message-ID: <cbdcnv$f0q$1@news.btv.ibm.com> 





Noons,



I can't answer all of your questions. Perhaps someone else on the list can.



Noons wrote:



> Larry apparently said,on my timestamp of 24/06/2004 1:59 AM:

> 


>> Yes ... priviledges can be granted via SQL Grant and Revoke to groups 
>> ... and it works for tables, views, indexes, packages, UDFs, Stored 
>> Procs, etc.




> 

> 

> Indexes?  I think you are overstating the features right there...  :)

> Or perhaps you are quoting a feature that only exists in the mainframe

> version?




Specifically in the index area, DB2 UDB provides the ability to grant 
the privilege to create an index on a table, or an index specification 
on a nickname. Not talking mainframe or DB2/400 at all here. See the DB2 
SQL Reference under the Grant statement.


> 

> Good.  So how do you map that to a user that was verified externally?

> Say for example I login as "BLOGGSJ", which the external security attached

> to group "OZZIE"?  Do I have to have "OZZIE" defined BOTH in DB2

> AND the external security?




No. Just GRANT required priviledge to group OZZIE via GRANT statement.



> 

> Better yet: can I login to the external security AND the database

> as a member of group "USERS", get a SP to check who I am and what I

> want to do and then give my logon the db group "OZZIE" and its rights

> according to the contents of a config table?

> 



GRANT can be embedded in an application program. Don't know for sure if 
this can be done ... perhaps someone from Toronto knows.



> And another point: can you associate group security by GRANT

> across schemas?  As in granting a given set of tables from schema A

> AND schema B to a single group "OZZIE"?




One can GRANT schema priviledges, and GROUP can be specfied in that 
GRANT statement.



> 

> Because I'll tell you what: I had a copy of DB2 UDB in my PC for

> most of last year and for the life of me I could not find out

> how to do it...  Then again: please stay within the only version of

> DB2 that deserves the name of UDB, OK?  I don't give two hoots

> what DB2/zos or DB2/AS400 does or will do in version 32.




Don't know what versions deserve the name of UDB. But I am talking about 
DB2 UDB for Intel/UNIX/Linux.



Larry Edelstein
Received on Wed Jun 23 2004 - 21:04:39 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US