IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

-551 on SYSIBM.SYSTABLES, SYSIBM.SYSTABAUTH


IBM Mainframe Forums -> DB2
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
baramesh

New User


Joined: 20 May 2008
Posts: 25
Location: bangalore

PostPosted: Mon Dec 23, 2013 6:29 pm
Reply with quote

DB2 said I am not authorised to acces SYSIBM.SYSTABAUTH and SYSIBM.SYSTABLES with an SQL code -551. I tried to issue grant on these tables . this alos failed saying MDG (MDG= RACF user id specified on my job card USER=MDG) has no previlege to perform the operation grant on the said tables to ASDFGTH. ASDFGTH is my used id.

Please advise me
Back to top
View user's profile Send private message
dick scherrer

Moderator Emeritus


Joined: 23 Nov 2006
Posts: 19244
Location: Inside the Matrix

PostPosted: Mon Dec 23, 2013 8:06 pm
Reply with quote

Hello,

You need to work with your dba or security people.
Back to top
View user's profile Send private message
baramesh

New User


Joined: 20 May 2008
Posts: 25
Location: bangalore

PostPosted: Tue Dec 24, 2013 3:51 pm
Reply with quote

Thanks very much, dick!!

But I am able to query certain DB2 catalog tables like SYSIBM.SYSCOLUMNS, SYSIBM.SYSCOLAUTH and FROM SYSIBM.SYSCONSTDEP etc. Should I understand that privileges to these tables were automatically given to me and privileges to tables like SYSIBM.SYSTABAUTH were restricted for me for security reasons?....

However, SELECT privilege on SYSIBM.SYSTABAUTH helps me to understand and resolve many issues that I encounter during my application development. Please advice me on how correct is it to restrict SELECT on SYSIBM.SYSTABAUTH to developers.
Back to top
View user's profile Send private message
enrico-sorichetti

Superior Member


Joined: 14 Mar 2007
Posts: 10872
Location: italy

PostPosted: Tue Dec 24, 2013 4:08 pm
Reply with quote

wiser to speak to Your audit and security department.

usually also to know who can do/access what is considered a security exposure
( and a developer does not certainly have the need to know )
Back to top
View user's profile Send private message
GuyC

Senior Member


Joined: 11 Aug 2009
Posts: 1281
Location: Belgium

PostPosted: Tue Dec 24, 2013 4:13 pm
Reply with quote

Developers shouldn't be able to acquire any list of userids.

You might be able to get a view on tabauth where GRANTEETYPE = 'P' if you have a cooperative DBA.
Back to top
View user's profile Send private message
baramesh

New User


Joined: 20 May 2008
Posts: 25
Location: bangalore

PostPosted: Tue Dec 24, 2013 6:25 pm
Reply with quote

Thank you all,

I got it. No access to these tables
SYSIBM.SYSCOLAUTH
SYSIBM.SYSCONTEXTAUTHIDS
SYSIBM.SYSDBAUTH
SYSIBM.SYSPACKAUTH
SYSIBM.SYSPLANAUTH
SYSIBM.SYSRESAUTH
SYSIBM.SYSROUTINEAUTH
SYSIBM.SYSSCHEMAAUTH
SYSIBM.SYSSEQUENCEAUTH
SYSIBM.SYSTABAUTH
SYSIBM.SYSUSERAUTH

However, all other catalog tables can be accessed. I understood the concept behind it......thanks all agin.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> DB2

 


Similar Topics
Topic Forum Replies
No new posts Discrepancy b/w SYSIBM tables and BMC... DB2 0
No new posts SYSIBM Tables Query DB2 8
No new posts Column names in SYSIBM tables DB2 5
No new posts Create view statement from SYSIBM.SYS... DB2 7
No new posts SYSIBM Catlog tables to see DDL chang... DB2 2
Search our Forums:

Back to Top