
DB2 - Problem description

Problem IC69906 Status: Closed

USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION USING SYSTEM
AUTHORIZATION ID

product:
DB2 FOR LUW / DB2FORLUW / 970 - DB2
Problem description:
One of the capabilities trusted contexts provide is the ability 
for the user of that trusted context to inherit a database role. 
For example, a customer could choose to grant SELECT privilege 
on the payroll table to a role and make that role available only 
through a trusted context. That is, users will not be able to 
take advantage of the role (and consequently the SELECT 
privilege on the payroll table) when they are operating outside 
the scope of that trusted context. 
 
Prior to 9.7 Fix Pack 3, roles inherited through trusted contexts 
were not taken into account when checking for CONNECT privilege 
at database connection time. This restriction is being removed 
in 9.7 FP3. One immediate application of this enhancement is the 
ability to restrict where an end user might connect to the 
database from. For example, suppose the security administrator 
has a requirement to allow user newton to connect to the 
database only from IP address a.b.c.d. To implement this 
requirement, the security administrator first makes sure that 
CONNECT privilege is not granted to PUBLIC and is not granted to 
user newton or to any role or group he is a member of. They 
also make sure user newton does not hold a database or database 
manager authority that has implicit CONNECT privilege to the 
database (e.g., DBADM or SYSADM). Then, they create a role R and 
grant CONNECT privilege to that role. Next, they create a 
trusted context object for user newton that offers role R when 
newton connects to the database from IP address a.b.c.d. That is 
it! The security administrator has now implemented the 
requirement.
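
The procedure described above, written out as DB2 statements. This is an added example, not part of the original APAR text or IBM's own code; the context name CTX_NEWTON is a hypothetical name, and 192.0.2.10 is a constructed documentation address standing in for a.b.c.d.

```sql
-- Added example. Run as a user holding SECADM on DB2 9.7 FP3 or later.
-- Assumed names: CTX_NEWTON (hypothetical); 192.0.2.10 replaces a.b.c.d.

-- 1. Remove CONNECT from PUBLIC so it cannot reach newton by default.
REVOKE CONNECT ON DATABASE FROM PUBLIC;

-- Review who still holds CONNECT, or DBADM, which implies CONNECT.
-- Any row for NEWTON, PUBLIC, or a group or role that newton belongs to
-- lets him connect from anywhere and defeats the restriction.
-- Operating system group membership and SYSADM are resolved outside the
-- catalog and have to be checked separately.
SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH, DBADMAUTH
  FROM SYSCAT.DBAUTH
 WHERE CONNECTAUTH = 'Y' OR DBADMAUTH = 'Y';

-- Roles granted directly to newton; none of them may carry CONNECT,
-- and role R itself must not appear here.
SELECT ROLENAME, GRANTEE, GRANTEETYPE
  FROM SYSCAT.ROLEAUTH
 WHERE GRANTEE = 'NEWTON';

-- 2. Create role R and give it the CONNECT privilege.
CREATE ROLE R;
GRANT CONNECT ON DATABASE TO ROLE R;

-- 3. Offer role R to newton only when he connects from the one address.
CREATE TRUSTED CONTEXT CTX_NEWTON
  BASED UPON CONNECTION USING SYSTEM AUTHID NEWTON
  ATTRIBUTES (ADDRESS '192.0.2.10')
  DEFAULT ROLE R
  ENABLE;

-- 4. Confirm the context is enabled and bound to the expected address.
SELECT C.CONTEXTNAME, C.SYSTEMAUTHID, C.DEFAULTCONTEXTROLE, C.ENABLED,
       A.ATTR_NAME, A.ATTR_VALUE
  FROM SYSCAT.CONTEXTS C
  JOIN SYSCAT.CONTEXTATTRIBUTES A
    ON A.CONTEXTNAME = C.CONTEXTNAME
 WHERE C.SYSTEMAUTHID = 'NEWTON';
```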
Problem Summary:
Local Fix:
available fix packs:
DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows

Solution
Workaround
not known / see Local fix
Comment
USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION 
USING SYSTEM AUTHORIZATION ID
BUG-Tracking
forerunner  : APAR is sysrouted TO one or more of the following: IC70318 IC78060 
follow-up : 
Timestamps
Date  - problem reported    : 14.07.2010
Date  - problem closed      : 23.09.2010
Date  - last modified       : 23.09.2010
Problem solved at the following versions (IBM BugInfos)
Problem solved according to the fixlist(s) of the following version(s)
9.7.0.3 FixList
9.7.0.3 FixList