There are different ways you can address this. 1) Given that you "trust" your programmers far enough. You can create an id that will have DBADM authority (or proper privileges only on the rquired tables + bindadd) and they can use this to issue the binds themselves. This gives you a single id to manage but you have to trust that they will behave. 2) They already have connect so they can prep the appls. with the bindfile option. You then use your own DBA id to issue the binds when you're ready to promote the appl. in production. If the / of appls. that you promote is not too large this should not be a problem. 3) You can create an application that you can compile as an load module in which you bury a logon to the db with an id that has the privileges. The parms you pass on to the appl. receives the source file to prep and bind and the appl. issues the prep and bind under tha "buried" id.
HTH, Pierre. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 21, 2003 10:06 AM Subject: [DB2EUG] Binding Static SQL against DB2 UDB > Hello List, > > We have a situation where we have several production databases that in the > past have only had dynamic SQL accessing them. To handle table security, > we setup some groups and put userids into the groups and granted the > appropriate authority on the tables to the groups. Now we are running into > a need to bind static programs against these databases and are running into > authority issues with the programmers that are wanting to bind these > programs. According to the administration guide, it states that > "privileges granted through groups are not used for authorization checking > when static SQL is bound". I don't have a problem with granting bindadd to > the people that need to do the binds, but I do have a problem granting > select, insert, update, delete to public to alleviate the table authority. > I realize that I can grant the table privileges to the userid trying to do > the bind, but that is not a desired option because of the amount of work > involved keeping track of grants to individual userids. > > On a side note, these programs are being bound from a S/390 subsystem. We > have established the connection from S/390 to the UDB databases and > verified that it works. > > DB2 UDB version 7.2 fixpack 6 > Windows 2000 > > I would like to know how other shops out there handle this type of > situation. > > Thanks, > Tim Traxson > [EMAIL PROTECTED] > 479-820-8811 > > > > > > - > ::: When replying to the list, please use 'Reply-All' and make sure > ::: a copy goes to the list ([EMAIL PROTECTED]). > *** To unsubscribe, send 'unsubscribe' to [EMAIL PROTECTED] > *** For more information, check http://www.db2eug.uni.cc > - ::: When replying to the list, please use 'Reply-All' and make sure ::: a copy goes to the list ([EMAIL PROTECTED]). *** To unsubscribe, send 'unsubscribe' to [EMAIL PROTECTED] *** For more information, check http://www.db2eug.uni.cc
