DB2 - Problembeschreibung
Problem IC78060 | Status: Geschlossen |
USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION USING SYSTEM AUTHORIZATION ID | |
Produkt: | |
DB2 FOR LUW / DB2FORLUW / 950 - DB2 | |
Problembeschreibung: | |
One of the capabilities trusted contexts provide is the ability for the user of that trusted context to inherit a database role. For example, a customer could choose to grant SELECT privilege on the payroll table to a role and make that role available only through a trusted context. That is, users will not be able to take advantage of the role (and consequently the SELECT privilege on the payroll table) when they are operating outside the scope of that trusted context. Prior to 9.5 fixpak 9, roles inherited through trusted contexts were not taken into account when checking for CONNECT privilege at database connection time. This restriction is being removed in 9.5 FP9. One immediate application of this enhancement is the ability to restrict where an end user might connect to the database from. For example, suppose the security administrator has a requirement to allow user newton to connect to the database only from IP address a.b.c.d. To implement this requirement, the security administrator first makes sure that CONNECT privilege is not granted to PUBLIC and is not granted to user newton or to any role or a group he is a member of. They also make sure user newton does not hold a database or database manager authority that has implicit CONNECT privilege to the database (e.g., DBADM or SYSADM). Then, they create a role R and grant CONNECT privilege to that role. Next, they create a trusted context object for user newton that offers role R when newton connects to the database from IP address a.b.c.d. That is it! The security administrator has now implemented the requirement. | |
Problem-Zusammenfassung: | |
**************************************************************** * USERS AFFECTED: * * All * **************************************************************** * PROBLEM DESCRIPTION: * * See Error Description * **************************************************************** * RECOMMENDATION: * * Upgrade to DB2 9.5 FP9 * **************************************************************** | |
Local-Fix: | |
verfügbare FixPacks: | |
DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows | |
Lösung | |
The problem was first fixed in DB2 9.5 FP9 | |
Workaround | |
keiner bekannt / siehe Local-Fix | |
Kommentar | |
USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION USING SYSTEM AUTHORIZATION ID | |
Weitere Daten | |
Datum - Problem gemeldet : Datum - Problem geschlossen : Datum - der letzten Änderung: | 11.08.2011 12.03.2012 12.03.2012 |
Problem behoben ab folgender Versionen (IBM BugInfos) | |
9.5.FP9 | |
Problem behoben lt. FixList in der Version | |
9.5.0.9 |