DB2 access with NON-LOGABLE userid
in [DB2]
|
Prev: Federated Database Using EXISTS Clause with Common Table Expressions
Next: Discount wholesale Rolex Watch (www.jordanonline06.com) (paypal payment)
From: alandgri on 20 Mar 2010 00:24 On Mar 19, 9:04 am, Guto <gutom...(a)gmail.com> wrote: > On Mar 18, 7:04 pm, "The Boss" <use...(a)No.Spam.Please.invalid> wrote: > > > > > Guto wrote: > > > On Mar 17, 11:35 pm, rs <helenhaoc...(a)gmail.com> wrote: > > >> On Mar 17, 12:16 pm, Guto <gutom...(a)gmail.com> wrote: > > > >>> Hi There, > > >>> A user owns a bunch tables and have grant previleges on the > > >>> database, but this was turned into a non-logonable on TSO ( removed > > >>> from TSO ). Does this user still have access to the database via > > >>> other tools , such as Aqua Data Studio or similar? > > > >>> Thanks! > > >>> Guto. > > > >> Is the user fully removed from the OS? > > >> If so, he will not be able to be authenticated, and no access to the > > >> database. > > > Hi Thanks for your reply, > > > but in this case the user was not removed from the OS, only don't have > > > a TSO segment. ( I guess that this is what they do when they turn a > > > user non-logonable ) > > > I'm not a mainframe guy, not a clue on if makes any sense :) > > > Thanks! > > > If the userid is still defined in RACF and only lost its TSO segment, the > > user still can access the database from outside TSO. > > > -- > > Jeroen > > Thanks Jeroen! > is there any other way to prevent this useer to access the database? > This would be needed because of a particular case on the userid is the > application owner, and he still needs to exists... > Thanks! So you need the user to exist in the database in order to own objects etc, but not actually be accessible or usable by anyone. I don't really have any specific DB2 guidance, but I have seen this functionality in other DBMS by making the password expired.
From: danfan46 on 20 Mar 2010 04:30
alandgri wrote: > On Mar 19, 9:04 am, Guto <gutom...(a)gmail.com> wrote: >> On Mar 18, 7:04 pm, "The Boss" <use...(a)No.Spam.Please.invalid> wrote: >> >> >> >>> Guto wrote: >>>> On Mar 17, 11:35 pm, rs <helenhaoc...(a)gmail.com> wrote: >>>>> On Mar 17, 12:16 pm, Guto <gutom...(a)gmail.com> wrote: >>>>>> Hi There, >>>>>> A user owns a bunch tables and have grant previleges on the >>>>>> database, but this was turned into a non-logonable on TSO ( removed >>>>>> from TSO ). Does this user still have access to the database via >>>>>> other tools , such as Aqua Data Studio or similar? >>>>>> Thanks! >>>>>> Guto. >>>>> Is the user fully removed from the OS? >>>>> If so, he will not be able to be authenticated, and no access to the >>>>> database. >>>> Hi Thanks for your reply, >>>> but in this case the user was not removed from the OS, only don't have >>>> a TSO segment. ( I guess that this is what they do when they turn a >>>> user non-logonable ) >>>> I'm not a mainframe guy, not a clue on if makes any sense :) >>>> Thanks! >>> If the userid is still defined in RACF and only lost its TSO segment, the >>> user still can access the database from outside TSO. >>> -- >>> Jeroen >> Thanks Jeroen! >> is there any other way to prevent this useer to access the database? >> This would be needed because of a particular case on the userid is the >> application owner, and he still needs to exists... >> Thanks! > > So you need the user to exist in the database in order to own objects > etc, but not actually be accessible or usable by anyone. > > I don't really have any specific DB2 guidance, but I have seen this > functionality in other DBMS by making the password expired. You can transfer ownership /dg |