Using: Command Line Processor for DB2 SDK 8.2.2 (in Unix)

For my school project, we need our database to be accessed by multiple users concurrently, but the prof offered no guidance on how that would be implemented.

We don't have user privileges to use the GRANT command, nor do we have authorization to create groups in Unix.

Our TA (teacher assistant) told me to look up IBM documentation on "binding embedded SQL applications" but I couldn't find anything that relates to command line users (it only gave instructions for those with a GUI).

Would this be a possible solution (functionally, for a project, not for the real world obviously): To have my multiple users login to my same Unix account? Would there be any problems caused by being the same user?

Or is there another good solution as well?

Thanks. This project is due this week; not gonna be a fun week.
Thanks a lot for your help.

Sincerely,
Arthur Lui.

Using either different UNIX user accounts, or different logins for the same account, does not matter: either will work. But of course (as you state) the account(s), or better said the user ID under which you contact DB2, should have DB2 the appropriate authorisations (grants) to do whatever you have to do in DB2.

Usually the easiest wasy is to create a group UNIX account with individual user accounts that belong to the group. Then control access (including connect authority) within DB2 at the group level using the UNIX group accounts.

You may want more than one group if you have different levels of access for the database.

In DB2, you should consider the following (and maybe others):

- connect authority to the database
- bindadd authority (for developers who are creating new programs)
- execute athority on a SP, UDF, or package (for end users)
- LOAD authority (for developers, etc)
- select access (for end users who write queries only)
- select, insert, update, delete (for users or applications that need these)
- etc

Groups that you might want (depending on whether it is a devlopment, test, or production envrionment):

- End users
- Ad-hoc query users
- developers
- computer operations

See the Grant statement in SQL Reference Vol 2.

There are already some built-in groups that are controlled at the instance level:

SYSADM
SYSCNTRL
SYSMAINT
SYSMON

You can see these with "db2 get dbm cfg". You need to create the UNIX groups and assign users to them before you can effectively use them. Then update the dbm config with the group you have defined for the appropriate level of security you want to give.

It is always preferable to use group accounts and have each user with their own individual accounts assigned to the group so that each user can control their own passwords and can be held accountable for their actions.