Results 1 to 3 of 3
  1. #1
    Join Date
    Feb 2006
    Posts
    5

    Unanswered: Multiple user access to database

    Using: Command Line Processor for DB2 SDK 8.2.2 (in Unix)

    For my school project, we need our database to be accessed by multiple users concurrently, but the prof offered no guidance on how that would be implemented.

    We don't have user privileges to use the GRANT command, nor do we have authorization to create groups in Unix.

    Our TA (teacher assistant) told me to look up IBM documentation on "binding embedded SQL applications" but I couldn't find anything that relates to command line users (it only gave instructions for those with a GUI).

    Would this be a possible solution (functionally, for a project, not for the real world obviously): To have my multiple users login to my same Unix account? Would there be any problems caused by being the same user?

    Or is there another good solution as well?

    Thanks. This project is due this week; not gonna be a fun week.
    Thanks a lot for your help.

    Sincerely,
    Arthur Lui.

  2. #2
    Join Date
    Sep 2004
    Location
    Belgium
    Posts
    1,126
    Using either different UNIX user accounts, or different logins for the same account, does not matter: either will work. But of course (as you state) the account(s), or better said the user ID under which you contact DB2, should have DB2 the appropriate authorisations (grants) to do whatever you have to do in DB2.
    --_Peter Vanroose,
    __IBM Certified Database Administrator, DB2 9 for z/OS
    __IBM Certified Application Developer
    __ABIS Training and Consulting
    __http://www.abis.be/

  3. #3
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Usually the easiest wasy is to create a group UNIX account with individual user accounts that belong to the group. Then control access (including connect authority) within DB2 at the group level using the UNIX group accounts.

    You may want more than one group if you have different levels of access for the database.

    In DB2, you should consider the following (and maybe others):

    - connect authority to the database
    - bindadd authority (for developers who are creating new programs)
    - execute athority on a SP, UDF, or package (for end users)
    - LOAD authority (for developers, etc)
    - select access (for end users who write queries only)
    - select, insert, update, delete (for users or applications that need these)
    - etc

    Groups that you might want (depending on whether it is a devlopment, test, or production envrionment):

    - End users
    - Ad-hoc query users
    - developers
    - computer operations

    See the Grant statement in SQL Reference Vol 2.

    There are already some built-in groups that are controlled at the instance level:

    SYSADM
    SYSCNTRL
    SYSMAINT
    SYSMON

    You can see these with "db2 get dbm cfg". You need to create the UNIX groups and assign users to them before you can effectively use them. Then update the dbm config with the group you have defined for the appropriate level of security you want to give.

    It is always preferable to use group accounts and have each user with their own individual accounts assigned to the group so that each user can control their own passwords and can be held accountable for their actions.
    Last edited by Marcus_A; 02-26-06 at 08:51.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •