Results 1 to 4 of 4

Thread: DB2 Security

  1. #1
    Join Date
    Nov 2011
    Posts
    87

    Unanswered: DB2 Security

    Hi
    DB2 9.7 FP4 /Win 2008 R2
    Only one Database in the system.

    I need to give a permission to a tester to do SELECT Query only. Also he should be able to see the tables from TEST schema only.

    So, I have granted Connect and SELECT only. But when he logon using Control Centre or Datastudio, he can see the Bufferpools, Tablespaces and all system tables (SYSCAT, SYSIBM...etc).
    Even he can alter BF, TBS.

    How can I stop this ?
    The user is in the DB2USER group.
    Please advise.
    Thanks.

  2. #2
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Revoke select athority to public on the syscat schema views and sysibm schema tables. You will have to do each table/view seperately, but you can write a script to generate the revoke statements.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  3. #3
    Join Date
    Sep 2004
    Location
    Belgium
    Posts
    1,126
    Quote Originally Posted by Marcus_A View Post
    Revoke select authority to public on the syscat schema views and sysibm schema tables. You will have to do each table/view separately, but you can write a script to generate the revoke statements.
    In the case where the existing grants are for PUBLIC, it will first take some effort to find out who needs those grants, and then to first give the needed grants individually (or to groups) before revoking from PUBLIC.

    Anyhow, I would start looking in the catalog auth. tables to see who has which grants, and generate the revoke (and possibly some grant) statements based on that.
    --_Peter Vanroose,
    __IBM Certified Database Administrator, DB2 9 for z/OS
    __IBM Certified Application Developer
    __ABIS Training and Consulting
    __http://www.abis.be/

  4. #4
    Join Date
    Nov 2011
    Posts
    87

    Thanks

    Thank you all for your points, hope this will put me in correct direction.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •