Blogs

mark gillis (2)

User and Group permissions for Procs, Views and Triggers – Part 2

Posted by Carol Davis-Mann on February 22, 2023 at 9:27am

 

By Mark Gillis

 

In the first part of this blog I outlined an issue I’d come across with the conferring of Role-based permissions to Groups for certain objects. Here’s one way around it and some further observations on the underlying issue.

 

Possible workaround

I did say I didn’t entirely like this option but it’s all I have been able to come up with so far.

If you want to enforce the structure of Users being allocated to Groups by your Windows or Unix Admins / Customers, you might have to keep the CREATE option up at the Database Administrator level. Once a View, Proc or whatever is in existence, the subsequent dynamic operations will be validated against the Group credentials and that can be operated by the Users who are members of appropriate Groups. This lets your User population stay fluid, whilst the Groups and Roles can stay relatively, if not entirely, static.

Read the blog in full.

 

10971285083?profile=RESIZE_710x

Read more…

Stored Procedure dependencies: the missing links

Posted by Carol Davis-Mann on November 1, 2021 at 12:56pm

By Mark Gillis

There are easily accessible means of checking what your Stored Procedure needs in the way of dependent objects (SYSCAT.ROUTINEDEP, basically). So, what if you find a, or a number of, Stored Procs that are marked as needing a REBIND and then, when you do that rebind, you get an SQL0440 indicating that “something” is missing. How do you go about checking that situation out? Find out here

9756322693?profile=RESIZE_584x

Read more…