I used to be a member of the DB2 listserv - maybe I still am - but they fell silent a while ago and I quit expecting it to change. But yeah, you should be able to find out from a DBA.
As I tried to say in the last post (but I don't think I was very clear), DB2 saves all its GRANTs in a table, or maybe in more than one table. You should be able to write a query to look at that table (if you have the right authorization) for any GRANTs for the ID that is the group you deleted and restored - or, of course, any other GRANTs that interest you. You just have to find out the name of the table(s), which would be some standard documented table name. If I run across it I'll let you know, but I'm sure it'll be in the DB2 documentation. --- Bob Bridges, [email protected], cell 336 382-7313 /* We must picture Hell as a state where everyone is perpetually concerned about his own dignity and advancement, where everyone has a grievance, and where eveyone lives the deadly serious passions of envy, self-importance, and resentment. -C S Lewis, preface to _The Screwtape Letters_ */ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Radoslaw Skorupka Sent: Wednesday, June 15, 2022 16:59 It's the opposite: I deleted the group from RACF and some job failed. I quickly re-created the group and connect and restarted job ended OK. However I want to check out what GRANT or other was issued against the group. Or more generally - I want to find out the groupname in DB2 catalog. Not for this group, but for other groups and environments. Yeah, I should ask DB2 admin... ;-) --- W dniu 13.06.2022 o 23:07, Bob Bridges pisze: > RACF doesn't know, so once you've deleted the GRANT from DB2 I don’t know of > a way to find out what you lost (unless you can get it from a backup). But > there are tables in DB2 that list all GRANTs, so you can export those to, > say, Excel and do some sorting and other munging to get a sensible list. > It's been a while, but I did that as part of a project to convert DB2 > security to RACF. > > When I say "it's been a while", what I mean is that I don't remember what > that table or those tables were called. But I was able to find them back > then, so I'm sure it's documented in DB2 somewhere. > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf Of > Radoslaw Skorupka > Sent: Monday, June 13, 2022 16:09 > > The following scenario: DB2 v12 using pre-RACF (GRANT/REVOKE) security. Of > course userids and groupids are taken from RACF. There are several groups > which are candidates to delete as they look as not needed. However some of > them have DB2 GRANTs, so those groups should not be deleted. > > So far, so good. Unfortunately some group was deleted, despite it was used by > DB2. I don't know details, but AFAIK probably it was something related to SET > SQL ID or so. > > Q: is there any method to find out *all* RACF users and groups used for any > authorisation in DB2? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
