DB2 access with NON-LOGABLE userid
in [DB2]
|
Prev: Federated Database Using EXISTS Clause with Common Table Expressions
Next: Discount wholesale Rolex Watch (www.jordanonline06.com) (paypal payment)
From: Guto on 17 Mar 2010 13:16 Hi There, A user owns a bunch tables and have grant previleges on the database, but this was turned into a non-logonable on TSO ( removed from TSO ). Does this user still have access to the database via other tools , such as Aqua Data Studio or similar? Thanks! Guto.
From: rs on 17 Mar 2010 22:35 On Mar 17, 12:16 pm, Guto <gutom...(a)gmail.com> wrote: > Hi There, > A user owns a bunch tables and have grant previleges on the database, > but this was turned into a non-logonable on TSO ( removed from TSO ). > Does this user still have access to the database via other tools , > such as Aqua Data Studio or similar? > > Thanks! > Guto. Is the user fully removed from the OS? If so, he will not be able to be authenticated, and no access to the database.
From: Guto on 17 Mar 2010 23:22 On Mar 17, 11:35 pm, rs <helenhaoc...(a)gmail.com> wrote: > On Mar 17, 12:16 pm, Guto <gutom...(a)gmail.com> wrote: > > > Hi There, > > A user owns a bunch tables and have grant previleges on the database, > > but this was turned into a non-logonable on TSO ( removed from TSO ).. > > Does this user still have access to the database via other tools , > > such as Aqua Data Studio or similar? > > > Thanks! > > Guto. > > Is the user fully removed from the OS? > If so, he will not be able to be authenticated, and no access to the > database. Hi Thanks for your reply, but in this case the user was not removed from the OS, only don't have a TSO segment. ( I guess that this is what they do when they turn a user non-logonable ) I'm not a mainframe guy, not a clue on if makes any sense :) Thanks!
From: The Boss on 18 Mar 2010 18:04 Guto wrote: > On Mar 17, 11:35 pm, rs <helenhaoc...(a)gmail.com> wrote: >> On Mar 17, 12:16 pm, Guto <gutom...(a)gmail.com> wrote: >> >>> Hi There, >>> A user owns a bunch tables and have grant previleges on the >>> database, but this was turned into a non-logonable on TSO ( removed >>> from TSO ). Does this user still have access to the database via >>> other tools , such as Aqua Data Studio or similar? >> >>> Thanks! >>> Guto. >> >> Is the user fully removed from the OS? >> If so, he will not be able to be authenticated, and no access to the >> database. > Hi Thanks for your reply, > but in this case the user was not removed from the OS, only don't have > a TSO segment. ( I guess that this is what they do when they turn a > user non-logonable ) > I'm not a mainframe guy, not a clue on if makes any sense :) > Thanks! If the userid is still defined in RACF and only lost its TSO segment, the user still can access the database from outside TSO. -- Jeroen
From: Guto on 19 Mar 2010 10:04
On Mar 18, 7:04 pm, "The Boss" <use...(a)No.Spam.Please.invalid> wrote: > Guto wrote: > > On Mar 17, 11:35 pm, rs <helenhaoc...(a)gmail.com> wrote: > >> On Mar 17, 12:16 pm, Guto <gutom...(a)gmail.com> wrote: > > >>> Hi There, > >>> A user owns a bunch tables and have grant previleges on the > >>> database, but this was turned into a non-logonable on TSO ( removed > >>> from TSO ). Does this user still have access to the database via > >>> other tools , such as Aqua Data Studio or similar? > > >>> Thanks! > >>> Guto. > > >> Is the user fully removed from the OS? > >> If so, he will not be able to be authenticated, and no access to the > >> database. > > Hi Thanks for your reply, > > but in this case the user was not removed from the OS, only don't have > > a TSO segment. ( I guess that this is what they do when they turn a > > user non-logonable ) > > I'm not a mainframe guy, not a clue on if makes any sense :) > > Thanks! > > If the userid is still defined in RACF and only lost its TSO segment, the > user still can access the database from outside TSO. > > -- > Jeroen Thanks Jeroen! is there any other way to prevent this useer to access the database? This would be needed because of a particular case on the userid is the application owner, and he still needs to exists... Thanks! |