Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.databases.ibm-db2
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
how to force a user to access a view and not the base tables...
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   6 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Bruce  
View profile  
 More options Feb 8, 8:28 am
Newsgroups: comp.databases.ibm-db2
From: Bruce <bwmille...@gmail.com>
Date: Wed, 8 Feb 2012 05:28:27 -0800 (PST)
Local: Wed, Feb 8 2012 8:28 am
Subject: how to force a user to access a view and not the base tables...
Print | Individual message | Show original | Report this message | Find messages by this author
Hi all -

DB2 V9.7.5 under AIX 6.1

I want to force users to do their SELECT etc statements against a view
and not against the underlying table(s) in that view.

Any ideas?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Tonkuma  
View profile  
 More options Feb 8, 9:17 am
Newsgroups: comp.databases.ibm-db2
From: Tonkuma <tonk...@fiberbit.net>
Date: Wed, 8 Feb 2012 06:17:13 -0800 (PST)
Local: Wed, Feb 8 2012 9:17 am
Subject: Re: how to force a user to access a view and not the base tables...
Print | Individual message | Show original | Report this message | Find messages by this author
Revoke all provoleges for the tables.
And grant necessary privileges for the views.

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Bruce  
View profile  
 More options Feb 8, 10:38 am
Newsgroups: comp.databases.ibm-db2
From: Bruce <bwmille...@gmail.com>
Date: Wed, 8 Feb 2012 07:38:44 -0800 (PST)
Local: Wed, Feb 8 2012 10:38 am
Subject: Re: how to force a user to access a view and not the base tables...
Print | Individual message | Show original | Report this message | Find messages by this author
On Feb 8, 9:17 am, Tonkuma <tonk...@fiberbit.net> wrote:

> Revoke all provoleges for the tables.
> And grant necessary privileges for the views.

How would that help?  I wouldn't be able to get to the tables... I
want to simply enforce the rule: You MUST use the view and not select
on the base table.

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Ian  
View profile  
 More options Feb 8, 11:15 am
Newsgroups: comp.databases.ibm-db2
From: Ian <ian.bjorho...@gmail.com>
Date: Wed, 8 Feb 2012 08:15:25 -0800 (PST)
Local: Wed, Feb 8 2012 11:15 am
Subject: Re: how to force a user to access a view and not the base tables...
Print | Individual message | Show original | Report this message | Find messages by this author
On Feb 8, 9:38 am, Bruce <bwmille...@gmail.com> wrote:

> On Feb 8, 9:17 am, Tonkuma <tonk...@fiberbit.net> wrote:

> > Revoke all provoleges for the tables.
> > And grant necessary privileges for the views.

> How would that help?  I wouldn't be able to get to the tables... I
> want to simply enforce the rule: You MUST use the view and not select
> on the base table.

This is a fundamental property of database security.  If you grant
permission
to a user to access a view, you are giving them the ability to see the
data in
that view, even if that user can't read the base table.

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
gimme_this_gimme_that@yah oo.com  
View profile  
 More options Feb 8, 10:34 pm
Newsgroups: comp.databases.ibm-db2
From: "gimme_this_gimme_t...@yahoo.com" <gimme_this_gimme_t...@yahoo.com>
Date: Wed, 8 Feb 2012 19:34:22 -0800 (PST)
Local: Wed, Feb 8 2012 10:34 pm
Subject: Re: how to force a user to access a view and not the base tables...
Print | Individual message | Show original | Report this message | Find messages by this author
Ideas...

I saw a write-up that made it where users had different resultsets
when selecting from the same table.

The example had someone in New York doing queries on a table who
shouldn't be allowed to see stuff in New Jersey.

And I saw write-up just yesterday at IBM's site.

But just now I spent 5 minutes trying to find it and came up with
nothing :-)

The paper might have had to do with Transparent LDAP Authentication -
then maybe not. It wasn't a PDF white paper - it was HTML - like a
tutorial.

On Feb 8, 5:28 am, Bruce <bwmille...@gmail.com> wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Helmut Tessarek  
View profile  
 More options Feb 27, 4:50 pm
Newsgroups: comp.databases.ibm-db2
From: Helmut Tessarek <tessa...@evermeet.cx>
Date: Mon, 27 Feb 2012 16:50:56 -0500
Local: Mon, Feb 27 2012 4:50 pm
Subject: Re: how to force a user to access a view and not the base tables...
Print | Individual message | Show original | Report this message | Find messages by this author
On 08.02.12 22:34 , gimme_this_gimme_t...@yahoo.com wrote:

> I saw a write-up that made it where users had different resultsets
> when selecting from the same table.

> The example had someone in New York doing queries on a table who
> shouldn't be allowed to see stuff in New Jersey.

> And I saw write-up just yesterday at IBM's site.

> But just now I spent 5 minutes trying to find it and came up with
> nothing :-)

You are talking about LBAC (Label Based Access Control) and this won't help in
this situation.

--
Helmut K. C. Tessarek
DB2 Performance and Development
IBM Toronto Lab


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google