 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion Groups Database Servers DB2InformixIngresMS SQLOraclePervasive.SQLPostgreSQLProgressSybaseDesktop Databases FileMakerFoxProMS AccessParadoxGeneral General DB TopicsDatabase TheoryRelated Topics Java Development.NET DevelopmentVB DevelopmentMore Topics ... |
Database Forum / DB2 Topics / February 2007SECURITY INVOKER in DB2?
Hello, In PostgreSQL, when you create a function, you may choose between SECURITY INVOKER or SECURITY DEFINER: http://www.postgresql.org/docs/8.2/static/sql-createfunction.html When a function has SECURITY INVOKER (the default), the SQL it contains is run with the permissions of the invoking user. It seems that DB2 UDFs uses SECURITY DEFINER (using PostgreSQL terms), and that there is no way to change that. Or? Is there a way for me to provide a UDF to a lot of users but prevent the contained SQL from being executed with my permissions?  SignatureRegards, Troels Arvin <troels@arvin.dk> http://troels.arvin.dk/ > Hello, > [quoted text clipped - 8 lines] > a UDF to a lot of users but prevent the contained SQL from being executed > with my permissions? You can use dynamic SQL for the pieces you don't want to vouch for. To use dynamic SQL in a SQL UDF CALL a procedure and place the PREPARE/EXECUTE/EXECUTE IMMEDIATE in there. Dynamic SQL runs under invoker rights. Still curiosu to learn more about what is driving this. Encapsulation of authority is a core function of views and routines. SignatureSerge Rielau DB2 Solutions Development IBM Toronto Lab |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.