ITEM: S9811L

What you need to Compile and Bind without being SYSADM


ENV: AIX 3.2.5, db2/6000 v1.2.0.0

DESC: 

Customer has users who are compiling micro focus cobol programs.
They need sysadm authority to precompile these program.
When they were placed in the same group as sysadm they 
got these priviledges by default. Customer was concerned with 
them having those priviledges. Hence she removed them from the 
sysadm group. Doing so caused them not to connect to database.
She would like to know how they could successfully compile 
and yet not be granted sysadm authority?

ACT:

To create a second user which has limitted permissions to a database
without the 2nd user being in the isntance owners group and yet allow
the new user to compile programs:

1. Create new user under and group other than the data base owner's
group.

   \# mkuser inst1

2. Create and instance for this new user (from root)

   \# /usr/lpp/db2_01_01_0000/instance/db2instance inst1
   
   OR

   You could go to step 3 and replace "$HOME" with "/home/InstanceName".
   If you do this skip step 4.

3. Edit the new user so that it has a line in the .profile which
reads:

   . $HOME/sqllib/db2profile  \<---- Note there is a period at the 
                                    start of this line

4. Edit the file $HOME/sqllib/db2profile so that the variable
DB2INSTANCE is set equal to the database instance owner.

5. As the instance owner run the commands:

      $ db2start
      $ db2 connect to sample

   Now you can either grant permissions to each individual:

      $ db2 grant connect,binadd on database to inst1

   or you create a new group for a set of users and run:

      $ db2 grant connect,bindadd on database to GroupName
  
   You will also need to grant control to the tables in the database
   to each individual user in the group.  Grantting PUBLIC control to
   the tables will not cut it.  The PUBLIC grant will allow the PUBLIC 
   to exec the compiled program with control authority.

      $ db2 grant control on table org to inst1
      $ db2 grant control on table staff to inst1

      $ db2 terminate
      $ dbb2stop
      $ db2start

6. As the user inst1 try to connect to the database with:

   $ db2 connect to sample

7. Now try to compile your program.





Support Line: What you need to Compile and Bind without being SYSADM ITEM: S9811L

Dated: April 1995 Category: N/A

This HTML file was generated 99/06/24~13:30:36

Comments or suggestions?
Contact us