/****************************************************************************
** (c) Copyright IBM Corp. 2007 All rights reserved.
**
** The following sample of source code ("Sample") is owned by International
** Business Machines Corporation or one of its subsidiaries ("IBM") and is
** copyrighted and licensed, not sold. You may use, copy, modify, and
** distribute the Sample in any form without payment to IBM, for the purpose of
** assisting you in the development of your applications.
**
** The Sample code is provided to you on an "AS IS" basis, without warranty of
** any kind. IBM HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
** IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do
** not allow for the exclusion or limitation of implied warranties, so the above
** limitations or exclusions may not apply to you. IBM shall not be liable for
** any damages you suffer as a result of using, copying, modifying or
** distributing the Sample, even if IBM has been advised of the possibility of
** such damages.
*****************************************************************************
**
** SOURCE FILE NAME: dbauth.sqC
**
** SAMPLE: How to grant, display, and revoke authorities at database level
**
** DB2 API USED:
** sqluadau -- Get Authorizations
**
** SQL STATEMENTS USED:
** GRANT (Database Authorities)
** SELECT INTO
** REVOKE (Database Authorities)
**
**
*****************************************************************************
**
** For more information on the sample programs, see the README file.
**
** For information on developing embedded SQL applications see the Developing Embedded SQL Applications book.
**
** For information on using SQL statements, see the SQL Reference.
**
** For information on DB2 APIs, see the Administrative API Reference.
**
** For the latest information on programming, compiling, and running DB2
** applications, visit the DB2 Information Center at
** http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp
****************************************************************************/
#include <sqlenv.h>
#include <sqlutil.h>
#include "utilemb.h"
#if ((__cplusplus >= 199711L) && !defined DB2HP && !defined DB2AIX) || \
(DB2LINUX && (__LP64__ || (__GNUC__ >= 3)) )
#include <iostream>
using namespace std;
#else
#include <iostream.h>
#endif
EXEC SQL BEGIN DECLARE SECTION;
char granteetype[2];
char dbadmauth[2];
char createtabauth[2];
char bindaddauth[2];
char connectauth[2];
char nofenceauth[2];
char implschemaauth[2];
char loadauth[2];
EXEC SQL END DECLARE SECTION;
class DbAuth
{
public:
int DbAuthGrant();
int DbAuthForAnyUserOrGroupDisplay();
int DbAuthForCurrentUserDisplay();
int DbAuthRevoke();
private: // support function
char *authStrVal(short);
};
char *DbAuth::authStrVal(short authShortVal)
{
return ( (char *) (authShortVal == 1 ? "YES" : "NO") );
} //DbAuth::authStrVal
int DbAuth::DbAuthGrant()
{
struct sqlca sqlca;
cout << "\n-----------------------------------------------------------";
cout << "\nUSE THE SQL STATEMENTS:" << endl;
cout << " GRANT (Database Authorities)" << endl;
cout << " COMMIT" << endl;
cout << "TO GRANT AUTHORITIES AT DATABASE LEVEL." << endl;
// grant user authorities at database level
cout << "\n GRANT CONNECT, CREATETAB, BINDADD"
<< " ON DATABASE TO USER user1" << endl;
EXEC SQL GRANT CONNECT, CREATETAB, BINDADD ON DATABASE TO USER user1;
EMB_SQL_CHECK("user authorities at db. level -- grant");
cout << " COMMIT" << endl;
EXEC SQL COMMIT;
EMB_SQL_CHECK("transaction -- commit");
return 0;
} //DbAuth::DbAuthGrant
int DbAuth::DbAuthForAnyUserOrGroupDisplay()
{
struct sqlca sqlca;
cout << "\n-----------------------------------------------------------";
cout << "\nUSE THE SQL STATEMENT:" << endl;
cout << " SELECT INTO" << endl;
cout << "TO DISPLAY AUTHORITIES FOR ANY USER AT DATABASE LEVEL." << endl;
cout << "\n SELECT granteetype, dbadmauth, createtabauth, bindaddauth,"
<< "\n connectauth, nofenceauth, implschemaauth, loadauth"
<< "\n FROM syscat.dbauth"
<< "\n WHERE grantee = 'USER1'" << endl;
EXEC SQL SELECT granteetype, dbadmauth, createtabauth, bindaddauth,
connectauth, nofenceauth, implschemaauth, loadauth
INTO :granteetype, :dbadmauth, :createtabauth, :bindaddauth,
:connectauth, :nofenceauth, :implschemaauth, :loadauth
FROM syscat.dbauth
WHERE grantee = 'USER1';
EMB_SQL_CHECK("user authorities at database level -- get");
cout << "\n Grantee Type = " << granteetype[0] << endl;
cout << " DBADM auth. = " << dbadmauth[0] << endl;
cout << " CREATETAB auth. = " << createtabauth[0] << endl;
cout << " BINDADD auth. = " << bindaddauth[0] << endl;
cout << " CONNECT auth. = " << connectauth[0] << endl;
cout << " NO_FENCE auth. = " << nofenceauth[0] << endl;
cout << " IMPL_SCHEMA auth. = " << implschemaauth[0] << endl;
cout << " LOAD auth. = " << loadauth[0] << endl;
return 0;
} //DbAuth::DbAuthForAnyUserOrGroupDisplay
int DbAuth::DbAuthForCurrentUserDisplay()
{
struct sqlca sqlca;
struct sql_authorizations currentUserAuthorities;
cout << "\n-----------------------------------------------------------";
cout << "\nUSE THE DB2 API:" << endl;
cout << " sqluadau -- Get Authorizations" << endl;
cout << "TO DISPLAY CURRENT USER AUTHORITIES AT DATABASE LEVEL:" << endl;
currentUserAuthorities.sql_authorizations_len = SQL_AUTHORIZATION_SIZE;
// get current user authorities
sqluadau(¤tUserAuthorities, &sqlca);
DB2_API_CHECK("current user authorities -- get");
cout << "\n User DBADM authority : "
<< authStrVal(currentUserAuthorities.sql_dbadm_auth);
cout << "\n User CREATETAB authority : "
<< authStrVal(currentUserAuthorities.sql_createtab_auth);
cout << "\n User BINDADD authority : "
<< authStrVal(currentUserAuthorities.sql_bindadd_auth);
cout << "\n User CONNECT authority : "
<< authStrVal(currentUserAuthorities.sql_connect_auth);
cout << "\n User CREATE_NOT_FENC authority : "
<< authStrVal(currentUserAuthorities.sql_create_not_fenc_auth);
cout << "\n User IMPLICIT_SCHEMA authority : "
<< authStrVal(currentUserAuthorities.sql_implicit_schema_auth);
cout << "\n User LOAD authority : "
<< authStrVal(currentUserAuthorities.sql_load_auth) << endl;
cout << "\n Group DBADM authority : "
<< authStrVal(currentUserAuthorities.sql_dbadm_grp_auth);
cout << "\n Group CREATETAB authority : "
<< authStrVal(currentUserAuthorities.sql_createtab_grp_auth);
cout << "\n Group BINDADD authority : "
<< authStrVal(currentUserAuthorities.sql_bindadd_grp_auth);
cout << "\n Group CONNECT authority : "
<< authStrVal(currentUserAuthorities.sql_connect_grp_auth);
cout << "\n Group CREATE_NOT_FENC authority: "
<< authStrVal(currentUserAuthorities.sql_create_not_fenc_grp_auth);
cout << "\n Group IMPLICIT_SCHEMA authority: "
<< authStrVal(currentUserAuthorities.sql_implicit_schema_grp_auth);
cout << "\n Group LOAD authority : "
<< authStrVal(currentUserAuthorities.sql_load_grp_auth) << endl;
return 0;
} //DbAuth::DbAuthForCurrentUserDisplay
int DbAuth::DbAuthRevoke()
{
struct sqlca sqlca;
cout << "\n-----------------------------------------------------------";
cout << "\nUSE THE SQL STATEMENTS:" << endl;
cout << " REVOKE (Database Authorities)" << endl;
cout << " COMMIT" << endl;
cout << "TO REVOKE AUTHORITIES AT DATABASE LEVEL." << endl;
// revoke user authorities at database level
cout << "\n REVOKE CONNECT, CREATETAB, BINDADD"
<< " ON DATABASE FROM USER user1" << endl;
EXEC SQL REVOKE CONNECT, CREATETAB, BINDADD ON DATABASE FROM user1;
EMB_SQL_CHECK("user authorities at db. level -- revoke");
cout << " COMMIT" << endl;
EXEC SQL COMMIT;
EMB_SQL_CHECK("transaction -- commit");
return 0;
} //DbAuth::DbAuthRevoke
int main(int argc, char *argv[])
{
int rc = 0;
CmdLineArgs check;
DbAuth auth;
DbEmb db;
// check the command line arguments
rc = check.CmdLineArgsCheck1(argc, argv, db);
if (rc != 0)
{
return rc;
}
cout << "\nTHIS SAMPLE SHOWS "
<< "HOW TO GRANT/DISPLAY/REVOKE AUTHORITIES AT DATABASE LEVEL."
<< endl;
// connect to the database
rc = db.Connect();
if (rc != 0)
{
return rc;
}
rc = auth.DbAuthGrant();
rc = auth.DbAuthForAnyUserOrGroupDisplay();
rc = auth.DbAuthForCurrentUserDisplay();
rc = auth.DbAuthRevoke();
// disconnect from the database
rc = db.Disconnect();
if (rc != 0)
{
return rc;
}
return 0;
} //main