Results 1 to 3 of 3
  1. #1
    Join Date
    Jan 2005
    Posts
    36

    Unanswered: Revoke privileges from PUBLIC on NULLID

    (DB2 UDB V8.1 FP5, AIX)

    Hi,

    I have a few questions related to privileges granted to PUBLIC on package schema NULLID:

    - Is it a security threat if PUBLIC has privileges on NULLID?
    - What if I revoke BIND & EXECUTE on all packages within NULLID?
    - What happens when new packages are created. Is PUBLIC granted privileges on newly created packages also.
    - How to differentiate between system defined and user defined packages?

    I realise that SYSIBM is grantor for quite a few of them and there is a naming convention for packages. But still I can find some packages starting with 'SQL' with SYSIBM as grantor. I've searched a lot but could not find the impact of revoking these privileges from PUBLIC. I've also checked the V9.1 database creation option of RESTRICTIVE but currently I am on DB2 UDB v8.1 FP5.

    Thanks,
    Ritz

  2. #2
    Join Date
    Apr 2006
    Location
    Belgium
    Posts
    2,514
    Provided Answers: 11
    the package from nuliid are these used by db2 itself
    command line - import .. all other utilities
    they are grouped by 2 lists : db2cli.lst and db2ubind.lst
    multiple copies are available for all versions/release of any client
    do not revoke them..
    Best Regards, Guy Przytula
    Database Software Consultant
    Good DBAs are not formed in a week or a month. They are created little by little, day by day. Protracted and patient effort is needed to develop good DBAs.
    Spoon feeding : To treat (another) in a way that discourages independent thought or action, as by overindulgence.
    DB2 UDB LUW Certified V7-V8-V9-V9.7-V10.1-V10.5 DB Admin - Advanced DBA -Dprop..
    Information Server Datastage Certified
    http://www.infocura.be

  3. #3
    Join Date
    Jan 2005
    Posts
    36
    Thanks Guy.

    Our auditors have a different view and see it as a security threat. I could not find any IBM documentation to prove the impact the REVOKE might have.

    Please help me if you can point me to some IBM documentation.

    Thanks,
    Ritz

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •