DB2 9.7 Grant Execute SP
Hi,
We are on DB2 9.7 Linux OS.
We have a Stored Procedure SP_CLIENT_PROGRAM which calls a lot of other Stored Procedures and has a number of tables involved in Select and Inserts.
We have a user group "MDUSER" to which we granted execute on the Stored procedure "SP_CLIENT_PROGRAM".
But that didn't do any good to the users under that group, as they apparently needed access on those individual SPs and tables inside SP_CLIENT_PROGRAM.
Is there a way to grant execute on the SP without granting the objects under it and the user be able to execute it successfully?
We are on DB2 9.7 Linux OS.
We have a Stored Procedure SP_CLIENT_PROGRAM which calls a lot of other Stored Procedures and has a number of tables involved in Select and Inserts.
We have a user group "MDUSER" to which we granted execute on the Stored procedure "SP_CLIENT_PROGRAM".
But that didn't do any good to the users under that group, as they apparently needed access on those individual SPs and tables inside SP_CLIENT_PROGRAM.
Is there a way to grant execute on the SP without granting the objects under it and the user be able to execute it successfully?
ASKER
We understand the risk, when granting the SP with execute permissions.
Is there no other way of granting the SP cascade?
Is there no other way of granting the SP cascade?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you!
Permissions don't cascade to procedures or packages that a stored procedure or package executes. On one level, it makes sense for the permissions to follow the original procedure, but it becomes a huge security nightmare. Imagine this issues with being able to call a restricted procedure simply by placing a call to it in another stored procedure.
You'll have to grant execute permissions on the procedures that are referenced in the procedure and all that are called as a result of any other procedure being called. Or make them public.
Kent