USER IDENTIFICATION  - IBM Mainframe

Users are known to DB2 by an 'Authorization identifier', auth -id for short. If you are a legitimate user of the system, you must have a user-id given to you by the system administrator. When you sign-on to the system you use this user-id and your password. You are not directly signing-on to DB2, but you will sign-on to some other sub-system like TSO, CICS or IMS/DC. That subsystem will then pass your ID to DB2, when it passes control to DB2. So any validation of your ID is done by the sub-system and not DB2 which simply assumes that since the request has come form a sub-system which has already checked your ID, you have to be a legitimate user.

But in most cases, installations deal with 'user functional areas' rather than individual users. For example, as discussed in the introduction, it would be easier to grant certain authority or privileges to every one in the accounts department.So the operation of a typical installation will be as follows:

Each individual user will have his own authorization ID. This is used to sign-on to the system and serves as the primary ID for the user. Tables and other objects that are private to that user will be created under the control of and will be owned by that primary ID.

DB2 Administrative Authorities Hierarchy

DB2 Administrative Authorities Hierarchy

Each functional area in the organization is also assigned an Authorization ID. However that ID is not given a sign-on authority. Users sign-on using their primary ID and once signed-on, users can operate under their primary ID or switch to their secondary ID (or functional ID) by using the SQL statement' SET CURRENT SQLID = sqlid'.

An external security manager keeps track of the secondary Ids that can be legitimately used by the Primary ID. Thus the same primary ID can have multiple secondary IDs or different Primary IDs can use the same secondary ID.

CURRENT SQLID is a special register like CURRENT TIMESTAMP or CURRENT DATE. Its value is an authorisation ID. The 'sqlid' in the SET CURRENT SQLID = sqlid, can be a character string literal or a host variable or a USER. USER is another special register and its use has an effect of restoring the primary ID as the current ID.


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

IBM Mainframe Topics