Results 1 to 5 of 5
  1. #1
    Join Date
    Jan 2004
    Location
    Austin
    Posts
    62

    Unanswered: DB2 Fenced user questions...

    Would like some info. on the proper use of the fenced user. From IBM they say...

    "The fenced user is used to run user defined functions (UDFs) and stored procedures outside of the address space used by the DB2 database."

    What address spaces would be outside of the DB2 database? Does this mean running stored procedures in another database within the same instance?

    Also, would this be the appropriate user for limiting or restricting access to tables owned by the DB2Admin? Or should I create another user for that purpose?

    Regards,

    Mike
    Last edited by PanamaMike; 03-09-12 at 18:14.

  2. #2
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    Quote Originally Posted by PanamaMike View Post

    What address spaces would be outside of the DB2 database?
    Here address space means a range of memory addresses that a particular process is allowed to access. A fenced process runs separately from the DB2 instance process(es) and as such cannot corrupt instance memory if something goes wrong.

    Quote Originally Posted by PanamaMike View Post
    Does this mean running stored procedures in another database within the same instance?
    No.

    Quote Originally Posted by PanamaMike View Post
    Also, would the be the appropriate user to limiting or restricting access to tables owned by the DB2Admin?
    No. A fenced user ID usually has no permissions in the database, except those granted to PUBLIC.

  3. #3
    Join Date
    Jan 2007
    Location
    Jena, Germany
    Posts
    2,721
    An additional thing for the fenced user is to make sure that user doesn't have privileges on the operating system level to access files owned by the DB2 instance owner. That way, you cannot even have a malicious fenced UDF or stored proc meddling around with your database on this level.
    Knut Stolze
    IBM DB2 Analytics Accelerator
    IBM Germany Research & Development

  4. #4
    Join Date
    Jan 2004
    Location
    Austin
    Posts
    62
    Quote Originally Posted by n_i View Post
    Here address space means a range of memory addresses that a particular process is allowed to access. A fenced process runs separately from the DB2 instance process(es) and as such cannot corrupt instance memory if something goes wrong.

    No.



    No. A fenced user ID usually has no permissions in the database, except those granted to PUBLIC.
    Thanks for the responses, this helps clarify.

  5. #5
    Join Date
    Jan 2004
    Location
    Austin
    Posts
    62
    Quote Originally Posted by stolze View Post
    An additional thing for the fenced user is to make sure that user doesn't have privileges on the operating system level to access files owned by the DB2 instance owner. That way, you cannot even have a malicious fenced UDF or stored proc meddling around with your database on this level.
    Thanks, this is helpful and provides good insight to the use of a fenced user.

    Regards,

    Mike

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •