#1 bigal21, 03-06-06, 17:19
Restricting access by authID and source

Is there a way to restrict db2 communication based on a combination of authorization ID and source? For example, we want to enforce that a batch application should run from a given server (SERVERX) using authorization ID (USERX). Is this possible? The db2 governor does not appear to monitor by source.

#2 Marcus_A, 03-06-06, 20:11
What DB2 Version and OS are you talking about?
__________________
M. A. Feldman
IBM Certified DBA on DB2 for Linux, UNIX, and Windows
IBM Certified DBA on DB2 for z/OS and OS/390

#3 JAYANTA_DATTA, 03-07-06, 05:31
From the list applications command grep the user-id and ipaddress of the application ---> Now pick up the application-id from the selected list --> Force those particular appl-id off.

Put this script in sleep-mode for 5-10 seconds depending upon your server load.
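
The poll-and-force approach described in post #3, as an added example that is not part of the original thread: it parses a listing in the column layout of `db2 list applications`, decodes the client address from each application ID, and builds the `force application` command for restricted IDs connected from anywhere else. The policy, addresses and sample rows are constructed, and the decoding assumes the DB2 v8 TCP/IP application ID layout (hex IPv4 address, port, timestamp, with a leading digit 0-9 stored as G-P).

```python
import ipaddress

# Constructed policy: auth ID -> the only source addresses it may connect from.
ALLOWED_SOURCES = {"USERX": {"192.168.1.10"}}  # 192.168.1.10 stands in for SERVERX

# Constructed sample in the column layout of `db2 list applications`; not captured output.
SAMPLE = """\
Auth Id  Application    Appl.      Application Id                 DB       # of
         Name           Handle                                    Name    Agents
-------- -------------- ---------- ------------------------------ -------- -----
USERX    batch1.exe     41         C0A8010A.O405.060307101500     SAMPLE   1
USERX    db2bp.exe      57         C0A80137.P1F2.060307101622     SAMPLE   1
USERX    db2bp.exe      58         GA000005.H3A1.060307101700     SAMPLE   1
DBADMIN  db2bp.exe      12         *LOCAL.DB2.060307093000        SAMPLE   1
"""

def source_ip(appl_id):
    """Decode the client IPv4 address from a TCP/IP application ID, else None."""
    head = appl_id.split(".")[0]
    if len(head) != 8:
        return None  # *LOCAL and other protocols carry no IP address
    # Assumption: a leading hex digit 0-9 is stored as G-P, so map it back.
    if "G" <= head[0] <= "P":
        head = str(ord(head[0]) - ord("G")) + head[1:]
    try:
        return str(ipaddress.IPv4Address(int(head, 16)))
    except ValueError:
        return None

def violations(listing, policy=ALLOWED_SOURCES):
    """Return (handle, auth_id, source) for restricted IDs connected from elsewhere."""
    found = []
    for row in listing.splitlines():
        fields = row.split()
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # header, separator or blank line
        auth_id, handle, appl_id = fields[0], int(fields[2]), fields[3]
        if auth_id not in policy:
            continue  # this ID is not tied to a source
        src = source_ip(appl_id)
        if src not in policy[auth_id]:
            found.append((handle, auth_id, src or appl_id.split(".")[0]))
    return found

def force_command(found):
    """Build the DB2 CLP command that disconnects the offending handles."""
    handles = ", ".join(str(h) for h, _, _ in found)
    return f'db2 "force application ({handles})"' if found else None
```

Because this polls, a connection from the wrong host stays open until the next pass, and a local (`*LOCAL`) connection under a restricted ID is treated as a violation since it carries no client address.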

#4 bigal21, 03-07-06, 12:18
I am running on Windows 2000, DB2/UDB ESE version 8, fixpak 8a. A script that runs every few seconds is a possibility, but I was hoping DB2 would have something internal to help regulate this.

Thanks
Al

#5 sathyaram_s, 03-07-06, 19:57
Can you consider adding a bit of code in the application layer ... How complex the change is depends on the type of application ... Let us consider a korn script being called from cron ..
Now you have an entry in cron to start batchjob1 at 10 am ..

You can now create a new job batchjob1_wrap and put the following lines in it

Now schedule batchjob1_wrap to run at 10 am ..

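# batchjob1_wrap: run batch1 only if this user/host/batch combination is listed in auth_appl
where_from=`hostname`
batchname='batch1'
db2 connect to mydb
# USER is the DB2 special register holding the connected authorization ID
db2 -x "select 1 from auth_appl where batch_appl_name='$batchname' and batch_auth_id=USER and batch_host_name='$where_from'" | read counter
if [ "${counter:-0}" -eq 1 ]
then
batch1 parm1 parm2
else
echo "Not authorized"
fi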

On the server, create a table auth_appl and define who is authorized, from which host and which appl ... Therefore you can define the authorizations in the database ...

If the connecting user has requisite permissions, you may as well get the hostname, application info using the snapshot table functions ...
And BTW, I'm sure you'll be aware that access to db objects like table, view etc can be 'configured' for the USER

HTH

Sathyaram

Last edited by sathyaram_s; 03-07-06 at 20:09.

#6 bigal21, 03-08-06, 11:50
I am trying to find a graceful way to restrict access. Our system does limit access by user, but what we want to prevent is ID-hijacking.

This is more of an issue for our internal auditors than it is for me (as the DBA). I can write a program, but then I have to audit the program. I was hoping there was a configuration parameter or a DB2governor option that would allow me to perform this restriction without developing code or using an outside source.