home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC78060 Status: Geschlossen

USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION USING SYSTEM
AUTHORIZATION ID

Produkt:
DB2 FOR LUW / DB2FORLUW / 950 - DB2
Problembeschreibung:
One of the capabilities trusted contexts provide is the ability 
for the user of that trusted context to inherit a database role. 
For example, a customer could choose to grant SELECT privilege 
on the payroll table to a role and make that role available only 
through a trusted context. That is, users will not be able to 
take advantage of the role (and consequently the SELECT 
privilege on the payroll table) when they are operating outside 
the scope of that trusted context. 
 
Prior to 9.5 fixpak 9, roles inherited through trusted contexts 
were not taken into account when checking for CONNECT privilege 
at database connection time. This restriction is being removed 
in 9.5 FP9. One immediate application of this enhancement is the 
ability to restrict where an end user might connect to the 
database from. For example, suppose the security administrator 
has a requirement to allow user newton to connect to the 
database only from IP address a.b.c.d. To implement this 
requirement, the security administrator first makes sure that 
CONNECT privilege is not granted to PUBLIC and is not granted to 
user newton or to any role or a group he is a member of. They 
also make sure user newton does not hold a database or database 
manager authority that has implicit CONNECT privilege to the 
database (e.g., DBADM or SYSADM). Then, they create a role R and 
grant CONNECT privilege to that role. Next, they create a 
trusted context object for user newton that offers role R when 
newton connects to the database from IP address a.b.c.d. That is 
it! The security administrator has now implemented the 
requirement.
Problem-Zusammenfassung:
**************************************************************** 
* USERS AFFECTED:                                              * 
* All                                                          * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* See Error Description                                        * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 9.5 FP9                                       * 
****************************************************************
Local-Fix:
verfügbare FixPacks:
DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.5 Fix Pack 10 for Linux, UNIX, and Windows

Lösung
The problem was first fixed in DB2 9.5 FP9
Workaround
keiner bekannt / siehe Local-Fix
Kommentar
USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION 
USING SYSTEM AUTHORIZATION ID
Weitere Daten
Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:
11.08.2011
12.03.2012
12.03.2012
Problem behoben ab folgender Versionen (IBM BugInfos)
9.5.FP9
Problem behoben lt. FixList in der Version
9.5.0.9 FixList