| View previous topic :: View next topic |
| Author |
Message |
misi01
Advanced
Joined: 02 Dec 2002
Posts: 629
Topics: 176
Location: Stockholm, Sweden
|
 Posted: Thu Aug 14, 2014 9:07 am Post subject: Grant insert access to DB2 table via Rexx script |
 |
|
Is it possible to define DB2 grant on a table such that it's okay to run a Rexx script that inserts into a table but at the same time, not allow users to select/view the table (in the same way IMS can allow a specific MQ queue to start ONE specific IMS transaction)????
_________________
Michael |
|
| Back to top |
|
 |
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12378
Topics: 75
Location: San Jose
|
| Posted: Thu Aug 14, 2014 11:51 am Post subject: |
|
|
misi01,
Do you want ALL your users to able to insert using a REXX script but they cannot see what they insert?
or is it just 1 person who wants to insert? and no one else can see the contents of the table?
Eitherway you can Code the GRANT statement in rexx and execute it with a commit
| Code: |
GU_ST = 'GRANT INSERT ON TABLE mytable to userid;'
RUNSTMT = 'EXECUTE IMMEDIATE :GU_ST'
ADDRESS DSNREXX "EXECSQL" RUNSTMT
....
repeat the above with a COMMIT statement
Now perform the Insert
At the end revoke the insert authority
REV_ST = 'REVOKE INSERT ON TABLE mytable FROM userid;'
RUNSTMT = 'EXECUTE IMMEDIATE :REV_ST'
ADDRESS DSNREXX "EXECSQL" RUNSTMT
|
_________________
Kolusu
www.linkedin.com/in/kolusu |
|
| Back to top |
|
|
misi01
Advanced
Joined: 02 Dec 2002
Posts: 629
Topics: 176
Location: Stockholm, Sweden
|
| Posted: Thu Sep 04, 2014 12:31 am Post subject: |
|
|
I wanted all users to be able insert into the table but not to be able to access it in any other way.
Unfortunately, your suggestion (although simple) didn't cut it. Turned out (no idea why) I had to apply to our security department so they could set up the RACF authority.
After that. the Rexx script simply had top perform the actual insert, nothing else.
_________________
Michael |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12378
Topics: 75
Location: San Jose
|
| Posted: Thu Sep 04, 2014 10:26 am Post subject: |
|
|
| misi01 wrote: | Unfortunately, your suggestion (although simple) didn't cut it. Turned out (no idea why) I had to apply to our security department so they could set up the RACF authority.
After that. the Rexx script simply had top perform the actual insert, nothing else. |
Well You need to have GRANTEE authority to grant other users insert ability. If you don't have it , it will obviously fail. You should have checked the SQL CODE after the grant statement which would tell you the exact reason for the failure.
_________________
Kolusu
www.linkedin.com/in/kolusu |
|
| Back to top |
|
|
misi01
Advanced
Joined: 02 Dec 2002
Posts: 629
Topics: 176
Location: Stockholm, Sweden
|
| Posted: Thu Sep 04, 2014 12:22 pm Post subject: |
|
|
The problem wasn't the grant (as far as I could see). I had a colleague testing it and he kept getting a RACF error on access to myuser.usage.insert (where usage was the name of the table and obviously insert was what the rexx code was trying to do)
_________________
Michael |
|
| Back to top |
|
|
|
|
|
FAQ
Search
Quick Manuals
Register
Profile
Log in to check your private messages
Log in
