DB2 Privileges

Meena.s · #1 (**permalink**) 06-02-11, 09:42

Hello All,

Is there any way to find out , user who has revoke/grant db privileges like (connect) to other user.

We faced a situation where connect privilege was revoked from a user , but not sure who revokes the same.

the system is a legacy system - db2v7.1.

Irrespective of version , is it possible to find out the same?

Thanks for your help in advance.

Regards
Meena.s

ARWinner · #2 (**permalink**) 06-02-11, 10:35

There are several views in the catalog (syscat) that show authorizations (they usually end in "AUTH") . There is a different view for each object type (e.g. TABAUTH is for table authorizations-select, insert, delete, etc). Each of these views should have a column that is like 'GRANT'. Persons with this authorization can perform the grant on the object for which they have the grant authority.

Andy

Mathew_paul · #3 (**permalink**) 06-02-11, 10:58

check syscat.dbauth, have you revoke connect priviledges from public in ur db coz connect to db is default for user, u can get ur info in syscat.dbauth table i believe.

group kindly correct on this

regds
Paul

Meena.s · #4 (**permalink**) 06-02-11, 11:21

@ Andy : Yup as you said we have syscat tables for the entries, but here need to know when the connect privilege has been revoked from the user (not public) and who has revoked the same?

Is there any possibility for this.

Meena.s · #5 (**permalink**) 06-02-11, 11:23

@ Paul : Syscat.dbauth will have privilege info and grantor ,grantee related information only.

ARWinner · #6 (**permalink**) 06-02-11, 11:41

I usually do not need to look in the syscat catalog for authorizations so i am not 100% on what is there. That is what manuals are created for. Looking in the V9.5 manual (I assume V7 is similar), to grant/revoke connect privilege the user needs to be either DBADM or SYSADM.

Andy

Meena.s · #7 (**permalink**) 06-03-11, 05:02

Thanks Andy for your reply.

Yup. Users who hold sysadm/dbadm privileges can revoke the connect privilege.
In our case , I have checked that too.

Only Instance id holds that privilege. But some of the users holds sudo su access to the instance.

So any of them have a chance to revoke it . Is there any possibility to fine who has revoked it ?