Privileges/security for stored procedure in DB2 LUW
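Updated question:
The core of my problem is: a stored procedure created by me (User1) cannot select from one particular table (table1, which was created by another user (User2)) because of: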
CREATE OR REPLACE PROCEDURE TEST_SCHEMA.TEST_PROCEDURE(OUT r_count INTEGER)
LANGUAGE SQL
BEGIN
SET r_count = (SELECT COUNT(*) FROM TEST_SCHEMA.TABLE1);
END
OK. No rows were affected
SQLWarning: Code: 20480 SQL State: 0168Y
--- The newly defined object "TEST_SCHEMA.TEST_PROCEDURE" is marked as invalid because it references an object "TEST_SCHEMA.TABLE1" which is
not defined or is invalid, or the definer does not have privilege to
access it.. SQLCODE=20480, SQLSTATE=0168Y, DRIVER=4.22.29
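However, when I select from table1 in a normal query window there is no problem, so I think something is wrong with the security options of the stored procedure.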
SELECT COUNT(*) FROM TEST_SCHEMA.TABLE1
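Table and stored procedure names are fully qualified. The stored procedure is created and executed by user1. User1's privilege to select from table1 is a group privilege.
The procedure creator must hold the corresponding privileges on statically referenced tables either directly or through a role.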
CREATE PROCEDURE (SQL) statement:
Authorization
The privileges held by the authorization ID of the
statement must include at least one of the following authorities:
- If the implicit or explicit schema name of the procedure does not exist, IMPLICIT_SCHEMA authority on the database.
- If the schema name of the procedure refers to an existing schema, CREATEIN privilege on the schema.
- DBADM authority
The privileges held by the authorization ID of the statement must also
include all of the privileges necessary to invoke the SQL statements
that are specified in the procedure body.
To replace an existing procedure, the authorization ID of the
statement must be the owner of the existing procedure (SQLSTATE
42501).
Group privileges are not considered for any table or view specified in
the CREATE PROCEDURE (SQL) statement.
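The check and fix that follow from the documentation excerpt above, as an added example that is not part of the original question or answer. The role name TABLE1_READER is hypothetical; USER1 and the object names are taken from the question, and the catalog views and the revalidation procedure are standard Db2 LUW objects.

```sql
-- Added example. TABLE1_READER is a hypothetical role name.

-- 1. Show how SELECT on the table is held.
--    GRANTEETYPE: U = user, G = group, R = role.
--    A row with GRANTEETYPE = 'G' works for dynamic SQL in a query window,
--    but is ignored when the static SQL in a procedure body is compiled.
SELECT GRANTEE, GRANTEETYPE, SELECTAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'TEST_SCHEMA'
   AND TABNAME   = 'TABLE1'
   AND SELECTAUTH IN ('Y', 'G');

-- 2. List roles granted directly to USER1 (roles granted only to a
--    group are not considered for SQL routines either).
SELECT ROLENAME
  FROM SYSCAT.ROLEAUTH
 WHERE GRANTEE = 'USER1'
   AND GRANTEETYPE = 'U';

-- 3a. Grant through a role given directly to the user.
--     CREATE ROLE and GRANT ROLE require SECADM.
CREATE ROLE TABLE1_READER;
GRANT SELECT ON TABLE TEST_SCHEMA.TABLE1 TO ROLE TABLE1_READER;
GRANT ROLE TABLE1_READER TO USER USER1;

-- 3b. Alternative: grant directly to the user instead of using a role.
-- GRANT SELECT ON TABLE TEST_SCHEMA.TABLE1 TO USER USER1;

-- 4. Revalidate the procedure that was created as invalid
--    (re-running CREATE OR REPLACE PROCEDURE as USER1 also works).
CALL SYSPROC.ADMIN_REVALIDATE_DB_OBJECTS(
       'PROCEDURE', 'TEST_SCHEMA', 'TEST_PROCEDURE');

-- 5. Confirm the result. VALID: Y = valid, N = invalid, X = inoperative.
SELECT ROUTINESCHEMA, ROUTINENAME, VALID
  FROM SYSCAT.ROUTINES
 WHERE ROUTINESCHEMA = 'TEST_SCHEMA'
   AND ROUTINENAME   = 'TEST_PROCEDURE';
```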