View previous topic :: View next topic
|
Author |
Message |
baramesh
New User
Joined: 20 May 2008 Posts: 25 Location: bangalore
|
|
|
|
DB2 said I am not authorised to acces SYSIBM.SYSTABAUTH and SYSIBM.SYSTABLES with an SQL code -551. I tried to issue grant on these tables . this alos failed saying MDG (MDG= RACF user id specified on my job card USER=MDG) has no previlege to perform the operation grant on the said tables to ASDFGTH. ASDFGTH is my used id.
Please advise me |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
|
|
Hello,
You need to work with your dba or security people. |
|
Back to top |
|
|
baramesh
New User
Joined: 20 May 2008 Posts: 25 Location: bangalore
|
|
|
|
Thanks very much, dick!!
But I am able to query certain DB2 catalog tables like SYSIBM.SYSCOLUMNS, SYSIBM.SYSCOLAUTH and FROM SYSIBM.SYSCONSTDEP etc. Should I understand that privileges to these tables were automatically given to me and privileges to tables like SYSIBM.SYSTABAUTH were restricted for me for security reasons?....
However, SELECT privilege on SYSIBM.SYSTABAUTH helps me to understand and resolve many issues that I encounter during my application development. Please advice me on how correct is it to restrict SELECT on SYSIBM.SYSTABAUTH to developers. |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10872 Location: italy
|
|
|
|
wiser to speak to Your audit and security department.
usually also to know who can do/access what is considered a security exposure
( and a developer does not certainly have the need to know ) |
|
Back to top |
|
|
GuyC
Senior Member
Joined: 11 Aug 2009 Posts: 1281 Location: Belgium
|
|
|
|
Developers shouldn't be able to acquire any list of userids.
You might be able to get a view on tabauth where GRANTEETYPE = 'P' if you have a cooperative DBA. |
|
Back to top |
|
|
baramesh
New User
Joined: 20 May 2008 Posts: 25 Location: bangalore
|
|
|
|
Thank you all,
I got it. No access to these tables
SYSIBM.SYSCOLAUTH
SYSIBM.SYSCONTEXTAUTHIDS
SYSIBM.SYSDBAUTH
SYSIBM.SYSPACKAUTH
SYSIBM.SYSPLANAUTH
SYSIBM.SYSRESAUTH
SYSIBM.SYSROUTINEAUTH
SYSIBM.SYSSCHEMAAUTH
SYSIBM.SYSSEQUENCEAUTH
SYSIBM.SYSTABAUTH
SYSIBM.SYSUSERAUTH
However, all other catalog tables can be accessed. I understood the concept behind it......thanks all agin. |
|
Back to top |
|
|
|