Hi i got a little problem here.

Is it possible to filter my database accesses by ip ?

i have an instance db2inst01 with some databases version 9.5 for LUW.

there are also some user accounts.

now i got the problem that i want to give special roles by checking the IP from the User.

for example:
user001 opens a connection to my database01 from IP 192.168.1.250

this ip is in the subnet/range 192.168.1.0/24 so i want to give the user the role admin with drop,insert,create...

BUT if this user tries to connect from an IP outside the range above i want to give him the role "visitor" or to block/decline the access.

Is there a possibility to solve this problem or an ordinary db2 statement i have read over ?

thanks for your help
Florian

so after some tries i partially solved the problem.

first i created a BLANK user "user007" without any privileges.

account was not able to select * from any table.

after that i created a role "test" with the privileges SELECT.

i ve created a trusted context on my database with this command:


CREATE TRUSTED CONTEXT AdminUserCtxt
BASED UPON CONNECTION USING SYSTEM AUTHID test007
ATTRIBUTES (ADDRESS '22.22.81.115')
DEFAULT ROLE test
ENABLE;

after a connect the user was able to execute selects from the tables.

to verify i changed the ip in the trusted context, and the user wasnt able to execute select any more

it works with this simple privileges.

maybe anyone knows a better or easier way ?