home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Neueste VersionenFixList
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Haben Sie Probleme? - Kontaktieren Sie uns.
Kostenlos registrieren anmeldung-x26
Kontaktformular kontakt-x26

DB2 - Problembeschreibung

Problem IC69906 Status: Geschlossen

USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION USING SYSTEM
AUTHORIZATION ID

Produkt:
DB2 FOR LUW / DB2FORLUW / 970 - DB2
Problembeschreibung:
One of the capabilities trusted contexts provide is the ability 
for the user of that trusted context to inherit a database role. 
For example, a customer could choose to grant SELECT privilege 
on the payroll table to a role and make that role available only 
through a trusted context. That is, users will not be able to 
take advantage of the role (and consequently the SELECT 
privilege on the payroll table) when they are operating outside 
the scope of that trusted context. 
 
Prior to 9.7 fixpak 3, roles inherited through trusted contexts 
were not taken into account when checking for CONNECT privilege 
at database connection time. This restriction is being removed 
in 9.7 FP3. One immediate application of this enhancement is the 
ability to restrict where an end user might connect to the 
database from. For example, suppose the security administrator 
has a requirement to allow user newton to connect to the 
database only from IP address a.b.c.d. To implement this 
requirement, the security administrator first makes sure that 
CONNECT privilege is not granted to PUBLIC and is not granted to 
user newton or to any role or a group he is a member of. They 
also make sure user newton does not hold a database or database 
manager authority that has implicit CONNECT privilege to the 
database (e.g., DBADM or SYSADM). Then, they create a role R and 
grant CONNECT privilege to that role. Next, they create a 
trusted context object for user newton that offers role R when 
newton connects to the database from IP address a.b.c.d. That is 
it! The security administrator has now implemented the 
requirement.
Problem-Zusammenfassung:


Local-Fix:




verfügbare FixPacks:


DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 9 for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 9a for Linux, UNIX, and Windows
 DB2 Version 9.7 Fix Pack 10 for Linux, UNIX, and Windows
 


Lösung




Workaround


keiner bekannt / siehe Local-Fix


Kommentar


USE TRUSTED CONTEXT CONNECT AUTHORIZATION BASE UPON CONNECTION 
USING SYSTEM AUTHORIZATION ID


Bug-Verfolgung


Vorgänger  : APAR is sysrouted TO one or more of the following: IC70318 IC78060 
Nachfolger : 


Weitere Daten


Datum - Problem gemeldet    :
Datum - Problem geschlossen :
Datum - der letzten Änderung:

14.07.2010
23.09.2010
23.09.2010


Problem behoben ab folgender Versionen (IBM BugInfos)




Problem behoben lt. FixList in der Version


9.7.0.3

FixList



9.7.0.3

FixList