IBM Support

Authorization List detail added to Authorization catalogs

News


Abstract

Authorization List detail added to Authorization catalogs

Content

You are in: IBM i Technology Updates > Db2 for i - Technology UpdatesDb2 for i Security Enhancements > Authorizations List detail added to Authorization catalogs
Authorization lists are a useful security mechanism to control object access with a minimum of administration.

Database authorization catalogs have been extended to indicate the name of the authorization list related to user access to objects.

The AUTHORIZATION_LIST column has been added to the catalogs shown in Figure 1.

Figure 1. Db2 for i object authorization catalogs

image-20200115095959-3

Example 1. Use authorization lists within the TOYSTORE

call qsys.create_sql_sample('TOYSTORE');
CL: CRTUSRPRF USRPRF(HRTEAM) PASSWORD(*NONE);
CL: CRTUSRPRF USRPRF(APPTEAM) PASSWORD(*NONE);
CL: CRTUSRPRF USRPRF(DBATEAM) PASSWORD(*NONE);
CL: CRTUSRPRF USRPRF(USERBOB) PASSWORD() USRCLS(*USER) INLPGM(QCMD) GRPPRF(HRTEAM);
CL: CRTUSRPRF USRPRF(USERTOM) PASSWORD() USRCLS(*USER) INLPGM(QCMD) GRPPRF(APPTEAM) ;           
CL: CRTUSRPRF USRPRF(USERRAE) PASSWORD() USRCLS(*USER) INLPGM(QCMD) GRPPRF(DBATEAM);           
CL: CRTUSRPRF USRPRF(USERWENDY) PASSWORD() USRCLS(*USER) INLPGM(QCMD) GRPPRF(DBATEAM) SUPGRPPRF(APPTEAM) ;           
CL: CRTAUTL AUTL(TOYAUTL) AUT(*EXCLUDE);
CL: CHGAUTLE AUTL(TOYAUTL) USER(HRTEAM) AUT(*OBJOPR *READ);  -- Note that the SQL equivalent authorization appears in the catalog
CL: ADDAUTLE AUTL(TOYAUTL) USER(DBATEAM) AUT(*ALL);
CL: ADDAUTLE AUTL(TOYAUTL) USER(APPTEAM) AUT(*EXECUTE);
CL: GRTOBJAUT OBJ(TOYSTORE/*ALL) OBJTYPE(*ALL) AUTL(TOYAUTL)         ;
CL: GRTOBJAUT OBJ(TOYSTORE) OBJTYPE(*LIB) AUTL(TOYAUTL)         ;

SELECT GRANTEE, TABLE_NAME, PRIVILEGE_TYPE, AUTHORIZATION_LIST 
FROM QSYS2.SYSTABAUTH WHERE
TABLE_SCHEMA = 'TOYSTORE' AND TABLE_NAME = 'STAFF'
ORDER BY GRANTEE DESC

Figure 2. Authorization list example output

image-20200115095943-2

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
21 January 2020

UID

ibm11172746

Page Feedback