Solving the DB2 Database
Administration Dilemma

Randy Goering
DST Systems Inc.
rmgoering@gmail.com

Session Code D12
May 13, 2010
2:45 PM – 3:45 PM
Platform DB2 9 for Linux, UNIX, Windows
Agenda

• What Dilemma?
• DB2 Security Model Review
• Administrative Routines and Views
• Creating a SQL Stored Procedure to execute an administrative function
• Setting up a loop back federated database
• Configuring security at the Instance, Federated Server, and Stored Procedures
What Dilemma?
What Dilemma?

• Authority!
  • How do you give users the ability to do their job without giving them the
    ability to do the DBA's job?
  • How do you give the users the ability to do their job so the DBAs
    won't have to do it for them?

Definition
Dilemma – noun –
1. a situation requiring a choice between equally undesirable alternatives.
2. any difficult or perplexing situation or problem.
What Dilemma?
Client Requests
• What is running in the database?

• I loaded data to my table, now I can't access it!

• I executed a bad query and now I need to kill it!

• Why is my query taking so long? Is it waiting for
  something?

• I need to prevent read access on a table while I insert
  data.

• I need to kill a backup so I can load data.
What Dilemma?


What's needed
  • List applications
  • List locks
  • List utilities
  • Take backups
  • Force applications
  • Quiesce table or tablespace

What's allowed
  • Select
  • Insert
  • Update
  • Delete
  • Load
  • Execute
What Dilemma?

 DB2 administrative functions are authorized at the instance and database
 level by users being a member in one of the instance or database groups.

 • SYSMON                System monitor authority
 • SYSMAINT              System maintenance authority
 • SYSCTRL               System control authority
 • SYSADM                System administration authority
 • DBADM                 Database administration authority
 • SECADM                Security administration authority

 Our dilemma has been how to grant certain privileges to our users
 without granting them every command that comes with an administrative group.

 We want to grant permissions 'a la carte'.
What Dilemma?
Solving Permission Issues (a la carte)

Specific Administrative functions can be granted to users.
• Using
    • Administrative Routines and Views
    • SQL Stored Procedures
    • Federated Stored Procedures
• Eliminating
    •   SYSADM
    •   SYSCTRL
    •   SYSMAINT
    •   SYSMON
    •   DBADM
DB2 9 LUW Security Model Review
DB2 9 LUW Security Model Review
Instance Level Authority

• SYSADM     for users managing the instance as a whole
• SYSCTRL    for users administering a database manager instance
• SYSMAINT   for users administering databases within an instance
• SYSMON     for users monitoring the instance and its databases

(Diagram: nested authorities, SYSADM containing SYSCTRL, which contains SYSMAINT, which contains SYSMON.)
DB2 9 LUW Security Model Review
    Instance Level Authority

db2 get dbm cfg

      SYSADM group name       (SYSADM_GROUP) =

      SYSCTRL group name      (SYSCTRL_GROUP) =

      SYSMAINT group name     (SYSMAINT_GROUP) =

      SYSMON group name       (SYSMON_GROUP) =



•    db2 update dbm cfg using SYSADM_GROUP = <value>
•    db2 update dbm cfg using SYSCTRL_GROUP = <value>
•    db2 update dbm cfg using SYSMAINT_GROUP = <value>
•    db2 update dbm cfg using SYSMON_GROUP = <value>
DB2 9 LUW Security Model Review
SYSMON

• MONITOR SWITCHES
• SNAPSHOTS
• LIST commands
  •   Active databases
  •   Applications
  •   Database partition groups
  •   DCS applications
  •   Packages
  •   Tables
  •   Tablespaces
  •   Tablespace containers
  •   Utilities
DB2 9 LUW Security Model Review
SYSMAINT
 •   Backups

 •   Restore to existing Database

 •   Rollforward Recovery

 •   Start or Stop an instance

 •   Quiesce a table space

 •   Tracing

 •   Database system monitor snapshots

 •   Reorganize tables

 •   RUNSTATS

 •   All SYSMON authorities
DB2 9 LUW Security Model Review
SYSCTRL

 • Update a database, node or distributed connection services (DCS)
   directory

 • Restore to a new or existing database

 • Force users off the system

 • Create or drop a database

 • Create, drop, or alter a table space

 • Use any table space

 • All SYSMAINT and SYSMON authority
DB2 9 LUW Security Model Review
SYSADM

• Update and restore database manager and database configuration
  parameters
   • DBM CFG and DB CFG
   • Specify groups that have SYSADM, SYSCTRL, SYSMAINT
     and SYSMON

• Grant and Revoke table space privileges

• Upgrade and restore a database

• All SYSCTRL, SYSMAINT, SYSMON authority
DB2 9 LUW Security Model
Database Level Authority

  •   SECADM       for users managing security

  •   DBADM        for users administering a database

  •   ACCESSCTRL   for users who need to grant privileges

  •   DATAACCESS   for users who need to access data

  •   SQLADM       for users who monitor and tune SQL queries

  •   WLMADM       for users who manage workloads

  •   EXPLAIN      for users who need to explain query plans
DB2 9 LUW Security Model
SECADM

 •   Create, alter, comment on, and drop Audit policies

 •   Security label components

 •   Security policies

 •   Trusted contexts

 •   Create, comment on, and drop Roles

 •   Security labels

 •   Grant and revoke database privileges and authorities

 •   Execute audit routines

 •   Grant and revoke Execute privilege on audit routines
DB2 9 LUW Security Model
ACCESSCTRL
 •   Grant and revoke the following administrative authorities
      •   EXPLAIN
      •   SQLADM
      •   WLMADM

 •   Grant and revoke the following database authorities
      •   BINDADD
      •   CONNECT
      •   CREATETAB
      •   CREATE_EXTERNAL_ROUTINE
      •   CREATE_NOT_FENCED_ROUTINE
      •   IMPLICIT_SCHEMA
      •   LOAD
      •   QUIESCE_CONNECT

 •   Grant and revoke all privileges on the following objects
      •   Global Variables, Indexes, Nickname, Package, Routine, Schema
      •   Sequence, Server, Table, Table Space, View, XSR Objects
 •   SELECT privilege on the system catalog tables and views
DB2 9 LUW Security Model
DATAACCESS

 •   For all tables, views, materialized query tables, and nicknames
     it gives these authorities and privileges
      •   LOAD authority on the database

      •   SELECT privilege (including system catalog tables and views)

      •   INSERT privilege

      •   UPDATE privilege

      •   DELETE privilege

 •   In addition, DATAACCESS authority provides the following privileges
      •   EXECUTE on all packages
      •   EXECUTE on all routines (except audit routines)
DB2 9 LUW Security Model
DBADM

 • Create, alter, drop non-security related database objects

 • Read log files

 • Create, activate, and drop event monitors

 • Query the state of a table space

 • Update log history files

 • Quiesce a table space

 • Reorganize a table

 • Collect catalog statistics using the RUNSTATS utility
DB2 9 LUW Security Model
SQLADM
 •   CREATE EVENT MONITOR

 •   DROP EVENT MONITOR

 •   EXPLAIN

 •   FLUSH EVENT MONITOR

 •   FLUSH OPTIMIZATION PROFILE CACHE

 •   FLUSH PACKAGE CACHE

 •   PREPARE

 •   REORG INDEXES/TABLE

 •   RUNSTATS

 •   SET EVENT MONITOR STATE
DB2 9 LUW Security Model
WLMADM


 • Create, alter, comment on and drop workload manager objects

 • Grant and revoke workload privileges

 • EXECUTE privilege on the system-defined workload management
   routines
Administrative Routines and Views
Administrative routines and views

  DB2 LUW administrative views provide an easy-to-use application
  programming interface to DB2 administrative functions through SQL.

  •   Collection of
      •   Views
      •   Table Functions

  •   Invoked from
      •   SQL-based application
      •   DB2 command
      •   Command script
Categories of Administrative Routines and Views

 • Solution uses routines in the following categories:

    • Snapshot administrative SQL routines and views

    • ADMIN_CMD stored procedure and associated administrative
      SQL routines

    • Monitor routines and views
Snapshot administrative SQL routines and views

 • Samples of administrative views
  •   APPLICATIONS administrative view
       • This administrative view returns information on connected database applications.

  •   LOCKS_HELD administrative view
        • This administrative view returns information on current locks held.

  •   LOCKWAITS administrative view
        • This administrative view returns information on locks that are waiting to be granted.

  •   LONG_RUNNING_SQL administrative view
        • This administrative view returns the longest running SQL statements in the currently
          connected database.

  •   TOP_DYNAMIC_SQL administrative view
       • This administrative view returns the top dynamic SQL statements sortable by number of
         executions, average execution time, number of sorts, or sorts per statement.
APPLICATIONS administrative view
 • Returns information on connected database applications.

 • LIST APPLICATIONS SHOW DETAIL command.

   SELECT AGENT_ID,SUBSTR(APPL_NAME,1,32) AS APPL_NAME,
   SUBSTR(AUTHID,1,32),APPL_STATUS FROM SYSIBMADM.APPLICATIONS
     FOR READ ONLY WITH UR

  AGENT_ID     APPL_NAME               AUTHID    APPL_STATUS
   -----        --------------------   -------   -----------
   16096        db2wlmd                DBADMIN   CONNECTED
   16095        db2taskd               DBADMIN   CONNECTED
   16108        QuestCentral.exe       DBADMIN   UOWWAIT
   16101        db2evmg_DB2DETAILDEA   DBADMIN   CONNECTED

   Authorization
      One of SYSADM, SYSCTRL, SYSMAINT, SYSMON
SNAP_GET_APPL_INFO_V95 table function

 •   Table function that returns information about applications from an application
     snapshot.

 •   Examples
     SELECT * FROM TABLE(SNAP_GET_APPL_INFO_V95(dbname)) AS T

     SELECT * FROM TABLE(SNAP_GET_APPL_INFO_V95('')) AS T
            Use an empty string to return applications on the current database

     SELECT * FROM TABLE(SNAP_GET_APPL_INFO_V95(NULL)) AS T
            Use NULL to get a list of all applications on the instance

 •   Authorization
     SYSMON
     EXECUTE privilege on the SNAP_GET_APPL_INFO_V95 table function
LOCKS_HELD administrative view
SELECT DB_NAME, AGENT_ID, APPL_NAME, AUTHID, TBSP_NAME,
   TABSCHEMA, TABNAME, LOCK_OBJECT_TYPE, LOCK_MODE FROM
   SYSIBMADM.LOCKS_HELD
DB_NAME    AGENT_ID APPL_NAME       AUTHID   TBSP_NAME     TABSCHEMA TABNAME          LOCK_OBJECT_TYPE   LOCK_MODE
TST00XXX   6004     express_cheese  SWISS    [Null]        [Null]    [Null]           INTERNALV_LOCK     S
TST00XXX   6004     express_cheese  SWISS    [Null]        [Null]    [Null]           INTERNALP_LOCK     S
TST00XXX   5267     express_cheese  SWISS    [Null]        [Null]    [Null]           INTERNALP_LOCK     S
TST00XXX   5267     espress_cheese  SWISS    SYSCATSPACE   SYSIBM    SYSUSERAUTH      TABLE_LOCK         IS
TST00XXX   5266     express_cheese  SWISS    REP           DPS       REP_MAINT        ROW_LOCK           X
TST00XXX   5266     express_cheese  SWISS    CONTACT       DPS       CONTACT          ROW_LOCK           X
TST00XXX   5266     express_cheese  SWISS    REP           DPS       REP_ENTITY_AUDIT ROW_LOCK           X




Authorizations
   One of SYSADM, SYSCTRL, SYSMAINT, SYSMON
LOCKWAITS administrative view

SELECT SUBSTR(A.DB_NAME,1,10) AS DB_NAME , A.SNAPSHOT_TIMESTAMP,
   A.LOCK_WAIT_START_TIME , A.AGENT_ID , SUBSTR(A.AUTHID,1,12) AS AUTHID ,
   A.AGENT_ID_HOLDING_LK , SUBSTR(A.APPL_NAME,1,32) AS APPL_NAME,
   SUBSTR(A.TABSCHEMA,1,10) AS TABSCHEMA , SUBSTR(A.TABNAME,1,32) AS TABNAME ,
   SUBSTR(A.TBSP_NAME,1,32) AS TABLESPACE , A.LOCK_OBJECT_TYPE , A.LOCK_MODE ,
   A.LOCK_MODE_REQUESTED , CAST(SUBSTR(A.STMT_TEXT,1,256) AS VARCHAR(256)) AS
   STMT_TEXT
   FROM SYSIBMADM.LOCKWAITS AS A



Authorizations
   One of SYSADM, SYSCTRL, SYSMAINT, SYSMON
ADMIN_CMD stored procedure and associated
administrative SQL routines
The ADMIN_CMD procedure is used by applications to run administrative commands using the SQL CALL
    statement.

The procedure currently supports the following DB2 command line processor (CLP) commands

•   AUTOCONFIGURE
•   BACKUP - online only
•   DESCRIBE
•   EXPORT
•   FORCE APPLICATION
•   IMPORT
•   LOAD
•   PRUNE HISTORY/LOGFILE
•   QUIESCE DATABASE
•   QUIESCE TABLESPACES FOR TABLE
•   REDISTRIBUTE
•   REORG INDEXES/TABLE
•   RESET ALERT CONFIGURATION
•   RESET DATABASE CONFIGURATION
•   RESET DATABASE MANAGER CONFIGURATION
•   RUNSTATS
•   UNQUIESCE DATABASE
•   UPDATE DATABASE CONFIGURATION
•   UPDATE DATABASE MANAGER CONFIGURATION
•   UPDATE HEALTH NOTIFICATION CONTACT LIST
•   UPDATE HISTORY
ADMIN_CMD stored procedure and associated
administrative SQL routines

• FORCE APPLICATION command using the ADMIN_CMD procedure

   • CALL SYSPROC.ADMIN_CMD('force application (6108)')


  Authorizations
        One of SYSADM, SYSCTRL, SYSMAINT
ADMIN_CMD stored procedure and associated
administrative SQL routines

• BACKUP DATABASE command using the ADMIN_CMD procedure

   • CALL SYSPROC.ADMIN_CMD('backup db dbasamp1 online use tsm')



  Authorizations
      One of SYSADM, SYSCTRL, SYSMAINT
ADMIN_CMD stored procedure and associated
administrative SQL routines

 QUIESCE TABLESPACES FOR TABLE command using the ADMIN_CMD
 procedure

  • CALL SYSPROC.ADMIN_CMD( 'quiesce tablespaces for table H9X
    exclusive' )

  Authorizations
     One of SYSADM, SYSCTRL, SYSMAINT, DBADM, LOAD
Creating a SQL Stored Procedure to
execute an administrative function
Creating a Stored Procedure

  Types of Procedures

     • SQL
        • Written in SQL and defined on the current database.


     • Sourced
        • Procedure that references a source procedure (SQL)
        • Also known as a federated procedure
        • Defined on current or remote database


     • External
        • Written in a programming language
SQL Procedure Definitions

  •   Create Statement
       • Procedure Name
       • Parameters List
       • Options
       • SQL Body

  •   Authorization
       • IMPLICIT_SCHEMA
       • CREATEIN
       • DBADM
       • Must also have permissions to execute all SQL contained in procedure
Create Procedure Statement

 • CREATE PROCEDURE procedure-name (parameter list: IN | OUT | INOUT
   parameter-name data-type default-clause, …) option-list SQL-procedure-body

     CREATE PROCEDURE SP_FORCE_APP

 • (IN | OUT | INOUT parameter-name data-type default-clause, …)

     CREATE PROCEDURE SP_FORCE_APP (IN VAGENT CHAR(16))
SQL Procedure Options
 •   SPECIFIC unique_name
 •   DYNAMIC RESULT SETS integer
 •   LANGUAGE SQL
 •   CALLED ON NULL INPUT
 •   EXTERNAL ACTION
 •   OLD SAVEPOINT LEVEL
 •   INHERIT SPECIAL REGISTERS
 •   CONTAINS SQL, READS SQL DATA, MODIFIES SQL DATA


     CREATE PROCEDURE SP_FORCE_APP (IN VAGENT CHAR(16))
     SPECIFIC DBA.SP_FORCE_AGENTID
     LANGUAGE SQL
     CONTAINS SQL
SQL Procedure Body
  BEGIN

     Variable declarations

     Condition declarations

     Cursor declarations

     Condition handler declarations

          Assignment

          Flow of control

          SQL statements and other compound statements

  END
SQL Procedure Execution

  • SQL procedure invoked by using the CALL statement.
     •   Passing of parameters
     •   Receiving of parameters
     •   Result sets returned

  • SQL Procedures can be invoked from:
     •   an embedded SQL client application
     •   an external routine (procedure, UDF, or method)
     •   an SQL routine (procedure, UDF, or method)
     •   an SQL trigger (BEFORE TRIGGER, AFTER TRIGGER, or INSTEAD OF TRIGGER)
     •   an SQL dynamic compound statement
     •   from the Command Line Processor (CLP)

  • Examples
     • CALL DBA.SP_FORCE_APP (‗21235‘)
     • CALL DBA.SP_LIST_APPLICATIONS()
SQL Procedures

 Examples of SQL Procedures (called by the Federated Procedures only)
 •   DBA.SP_LIST_APPLICATIONS()
 •   DBA.SP_LIST_LOCKWAITS()
 •   DBA.SP_FORCE_AGENTID()
 •   DBA.SP_LIST_LOCKWAITS()
 •   DBA.SP_GET_CURRENT_AGENTID()
 •   DBA.SP_FORCE_BACKUP()
 •   DBA.SP_CHECK_UTILITY_STATUS()
 •   DBA.SP_BACKUP_DATABASE()
 •   DBA.SP_FORCE_APP_BY_TABLE()
SP_LIST_APPLICATIONS
Using Administrative View
  CREATE PROCEDURE DBA.SP_LIST_APPLICATIONS ( )
    SPECIFIC DBA.SP_LIST_APPLICATIONS
    DYNAMIC RESULT SETS 1
    LANGUAGE SQL
    READS SQL DATA
  BEGIN
     -- DB is filled with the current database name before the cursor is opened
     DECLARE DB VARCHAR(128);
     -- WITH RETURN TO CLIENT: the result set passes through the federated
     -- procedure back to the calling user
     DECLARE C1 CURSOR WITH RETURN TO CLIENT FOR
        SELECT AGENT_ID
           , SUBSTR(APPL_NAME,1,32) AS APPL_NAME
           , SUBSTR(AUTHID,1,32) AS AUTHID
           , APPL_STATUS, APPL_ID
          FROM SYSIBMADM.APPLICATIONS
         WHERE DB_NAME = DB FOR READ ONLY WITH UR;
     VALUES CURRENT SERVER INTO DB;
     OPEN C1;
  END
SP_LIST_APPLICATIONS
Using Table Function
  CREATE PROCEDURE DBA.SP_LIST_ALL_APPLICATIONS (IN VDBNAME VARCHAR(128))
    SPECIFIC DBA.SP_LST_ALL_APPLICATIONS
    DYNAMIC RESULT SETS 1
    LANGUAGE SQL
    READS SQL DATA
  BEGIN
     -- VDBNAME: a database name, '' for the current database, NULL for the instance
     DECLARE C1 CURSOR WITH RETURN TO CLIENT FOR
        SELECT SNAPSHOT_TIMESTAMP , SUBSTR(DB_NAME,1,10) AS DB_NAME
             , CAST(AGENT_ID AS CHAR(10)) AS AGENT_ID
             , SUBSTR(APPL_NAME,1,24) AS APPL_NAME
             , SUBSTR(PRIMARY_AUTH_ID,1,10) AS PRIMARY_AUTH_ID
             , SUBSTR(APPL_STATUS,1,12) AS APPL_STATUS
             , SUBSTR(CLIENT_NNAME,1,16) AS CLIENT_NNAME
          FROM TABLE(SNAP_GET_APPL_INFO_V95(VDBNAME)) AS T
         -- hide DB2's own system applications and the instance owner's connections
         WHERE IS_SYSTEM_APPL = 0 AND PRIMARY_AUTH_ID NOT IN
               (SELECT UPPER(INST_NAME) FROM SYSIBMADM.ENV_INST_INFO)
         FOR READ ONLY WITH UR;
     OPEN C1;
  END
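The force procedure from the earlier list, DBA.SP_FORCE_AGENTID, written out as an added example; this is not code from the presentation. It keeps the slides' CHAR(16) parameter and SPECIFIC name, while the digits-only check, the lookup through SNAP_GET_APPL_INFO_V95 and the SQLSTATE values are my assumptions. The body contains semicolons, so run it with db2 -td@ -f and terminate the statement with @.

```sql
-- Added example (not from the presentation). Source procedure called only
-- through the federated procedure, so it runs under the mapped administrative id.
CREATE PROCEDURE DBA.SP_FORCE_AGENTID (IN VAGENT CHAR(16))
  SPECIFIC DBA.SP_FORCE_AGENTID
  LANGUAGE SQL
  MODIFIES SQL DATA          -- ADMIN_CMD is MODIFIES SQL DATA, so this must be too
BEGIN
  DECLARE V_AGENT VARCHAR(16);
  DECLARE V_MATCH INTEGER DEFAULT 0;
  DECLARE V_CMD   VARCHAR(64);

  SET V_AGENT = RTRIM(VAGENT);

  -- The value is spliced into a command string, so accept digits only.
  -- TRANSLATE turns every digit into a blank; anything left over is not a digit.
  IF V_AGENT IS NULL OR LENGTH(V_AGENT) = 0
     OR LENGTH(RTRIM(TRANSLATE(V_AGENT, '', '0123456789'))) > 0 THEN
    SIGNAL SQLSTATE '75001' SET MESSAGE_TEXT = 'Agent id must be numeric';
  END IF;

  -- Only agents connected to this database ('' = current database), never
  -- DB2's own system applications (db2taskd, event monitors, ...) and never
  -- the instance owner's connections.
  SELECT COUNT(*) INTO V_MATCH
    FROM TABLE(SNAP_GET_APPL_INFO_V95('')) AS T
   WHERE T.AGENT_ID = BIGINT(V_AGENT)
     AND T.IS_SYSTEM_APPL = 0
     AND T.PRIMARY_AUTH_ID NOT IN
         (SELECT UPPER(INST_NAME) FROM SYSIBMADM.ENV_INST_INFO);

  IF V_MATCH = 0 THEN
    SIGNAL SQLSTATE '75002'
       SET MESSAGE_TEXT = 'Agent id is not a forceable application on this database';
  END IF;

  -- Same command as the ADMIN_CMD slide, built from the validated id only
  SET V_CMD = 'FORCE APPLICATION (' || V_AGENT || ')';
  CALL SYSPROC.ADMIN_CMD(V_CMD);
END@
```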
Setting up a loop back federated database
Federation

 • Unites multiple databases or data sources.
 • Acts like a central database.
 • Each database or data source remains independent.

Definition
fed·er·ate – verb –
1. to unite.

Definition
fed·er·a·tion – noun –
1. the act of federating or uniting.
2. the formation of a political unity, with a central government, by a number of
   separate states, each of which retains control of its own internal affairs.
Federation Benefits
• Correlate data from local tables and remote data sources, as if all the
  data is stored locally in the federated database.

• Update data in relational data sources, as if the data is stored in the
  federated database.

• Move data to and from relational data sources.

• Take advantage of the data source processing strengths, by sending
  requests to the data sources for processing.

• Compensate for SQL limitations at the data source by processing
  parts of a distributed request at the federated server.
Heterogeneous Federation
 • Federation between DB2 family and Informix data
   sources.

 • Federation between non DB2 Relational Database
   Systems.

 • Federation between non relational data sources.

 • Access to non DB2 family data sources requires IBM
   InfoSphere Federation Server.
Components of heterogeneous DB2 federated system
Homogeneous Federation

   Federation between DB2 LUW and other DB2 family and
   Informix data sources only.

   • Available in:
       • DB2 Enterprise Server Edition
       • DB2 Workgroup Server Edition
       • DB2 Express Edition


   • No additional software or licenses required.
Components of homogeneous DB2 federated system

(Diagram: a source DB2 family database holding SDB.TB1 and a target DB2 family database holding TDB.TB2, joined through DRDA by SQL, nicknames, user mappings, wrappers and functions.)

SELECT SDB.COL1 FROM SDB.TB1
SELECT TDB.COL1 FROM TDB.TB2
SELECT SDB.COL1, TDB.COL1 FROM SDB.TB1 AS SDB, TDB.TB2 AS TDB
Federation System

 •   DB2 instance that operates as a federated server.

 •   DB2 database that acts as the federated database.

 •   One or more data sources.

 •   Clients (users and applications) that access the
     database and data sources.
Components of a loop back DB2 federated system
  •   One DB2 Database Manager Instance.
  •   One DB2 Database.
  •   One Data Source.
  •   Multiple SQL Procedures.
  •   Multiple Federated Procedures.
(Diagram: one DB2 family database is both source and target database; it holds the SQL procedures and, through DRDA, the federated procedures, user mappings, wrappers and functions.)
The Federated Server
•   The DB2 instance that manages the federated system is called a server because it
    responds to requests from end users and client applications.

•   Any number of DB2 instances can be configured to function as federated servers.

•   Application processes connect and submit requests to the database within the
    federated server.

•   A federated server is configured to receive requests that might be partially or entirely
    intended for data sources. The federated server distributes these requests to the data
    sources.

•   A federated server uses DRDA communication protocols (over TCP/IP) to
    communicate with DB2 family instances.

•   A federated server also uses the native client of the data source to access the data
    source. For example, a federated server uses the Sybase Open Client to access
    Sybase data sources and a Microsoft® SQL Server ODBC Driver to access Microsoft
    SQL Server data sources.
Configuring the Federated Server

• Configure at the instance by updating the Database Manager
  Configuration parameters.

       • FEDERATED
           • DB2 UPDATE DATABASE MANAGER CONFIGURATION
             USING FEDERATED YES

       • CONNECTION CONCENTRATOR
       • Federated database system support and concentrator feature cannot
         be active at the same time.
           • Must be off by setting
                • MAX_CONNECTIONS = MAX_COORDAGENTS
The Federated Database
•   System catalog contains entries that identify data sources and their characteristics.

•   The federated server consults the system catalog and the data source wrapper to
    determine the best plan for processing SQL statements.

•   The federated system processes SQL statements as if the data from the data sources
    were ordinary relational tables or views within the federated databases.

•   The federated system can correlate relational data with data in non-relational formats.

•   The characteristics of the federated database take precedence when there are
    differences between the characteristics of the federated database and the
    characteristics of the data sources.

•   Query results conform to DB2 semantics, even if data from other non-DB2 data
    sources is used to compute the query result.

•   A federated database is a database with one or more data sources defined.
The Data Source
  • A data source is data that resides outside of the federated
    database.

  • A data source can be a relational database or a non-relational
    data type.

  • A federated system does not monopolize or restrict access to the
    other data sources, beyond integrity and locking constraints.

  • The method, or protocol, used to access a data source depends
    on the type of data source.

  • The data source is accessed via a data source wrapper.
Data Source Wrapper
  • Wrappers are mechanisms by which the federated database
    interacts with data sources.
  • You create one wrapper for each type of data source that you
    want to access.
  • These routines allow the federated database to perform
    operations such as connecting to a data source and retrieving
    data from it iteratively.
  • The federated server provides connectivity to DB2 data
    sources by using the open DRDA protocol.
  • This support is equivalent to that provided by the DB2 Connect
    server.
  • You can use the DRDA wrapper with all DB2 family data
    source objects—DB2 Database for Linux, UNIX, and Windows,
    DB2 for z/OS, DB2 for System i, and DB2 Server for VM and
    VSE.
Create Data Source Wrapper
 • DB2 CREATE WRAPPER DRDA OPTIONS (DB2_FENCED 'N')

 • You can register a wrapper as fenced or trusted using the
   DB2_FENCED wrapper option.

    • FENCED - processes that are separate from the database agent.
    • NOT_FENCED – processes that are within the database agent.

    • The sourced (federated) procedure cannot be created or invoked
      using a wrapper defined as fenced.

    Authorizations
      One of SYSADM, DBADM
Create Server Definition
 •   Use the CREATE SERVER statement to register DB2 data source definitions.

 •   A server definition for relational data sources usually represents a remote database.

 •   CREATE SERVER "DBATOOLS" TYPE DB2/AIX VERSION '9' WRAPPER "DRDA"
     AUTHORIZATION "INSTID" PASSWORD "INSTPWD" OPTIONS(ADD NODE
     'SPINODE', ADD DBNAME 'SPI00001')

 •   Catalog node and database
      • db2 catalog tcpip node SPINODE REMOTE 127.0.0.1 SERVER 50000
      • db2 catalog database SOURCEDB AS SCPI0001 AT NODE SPINODE

      Authorizations
        One of SYSADM, DBADM
Create User Mappings

 • A user mapping is an association between an authorization ID
   on the federated server and the information that is required to
   connect to the remote data source.

 • CREATE USER MAPPING FOR "RANDY" SERVER
   DBATOOLS OPTIONS (REMOTE_AUTHID 'SYSADMID',
   REMOTE_PASSWORD mypasswd1)

 This is the key to our solution. By mapping a user's ID to an ID with the
 authority to execute administrative commands we can provide authorities
 a la carte.
Creating a Federated Stored Procedure
Create Federated Procedure

  • A Federated Procedure is a procedure on the
    federated database that executes a SQL procedure
    on the data source.

  • Authorization
     •   IMPLICIT_SCHEMA
     •   CREATEIN
     •   DBADM
     •   Must also have permissions to execute all SQL contained in
         procedure
Create Federated Procedure

 • Syntax

       • CREATE PROCEDURE procedure-name | source-procedure
         clause | option-list | SOURCE source-object-name | NUMBER
         OF PARAMETERS integer FOR SERVER server-name


    Example
         CREATE PROCEDURE SPI.SP_LIST_APPLICATIONS
         SOURCE DBA.SP_LIST_APPLICATIONS NUMBER OF
         PARAMETERS 0 FOR SERVER DBSERV WITH RETURN TO
         CLIENT ALL
Federated procedures
  •   SPI.SP_LIST_APPLICATIONS()
       CREATE PROCEDURE SP_LIST_APPLICATIONS
       SOURCE DBA.SP_LIST_APPLICATIONS
          NUMBER OF PARAMETERS 0
         FOR SERVER DBATOOLS
         SPECIFIC SPI_LIST_APPLICATIONS WITH RETURN TO CLIENT ALL


  •   SPI.SP_FORCE_AGENTID
      CREATE PROCEDURE SP_FORCE_AGENTID
       SOURCE DBA.SP_FORCE_AGENTID
          NUMBER OF PARAMETERS 1
         FOR SERVER DBATOOLS
         SPECIFIC SPI_FORCE_AGENTID WITH RETURN TO CLIENT ALL
Federated procedures

 Example Federated Procedures (called by the users).
 Schema is SPI (Solving Permission Issues)

 •   SPI.SP_LIST_APPLICATIONS()
 •   SPI.SP_LIST_LOCKWAITS()
 •   SPI.SP_FORCE_AGENTID()
 •   SPI.SP_LIST_LOCKWAITS()
 •   SPI.SP_GET_CURRENT_AGENTID()
 •   SPI.SP_FORCE_BACKUP()
 •   SPI.SP_CHECK_UTILITY_STATUS()
 •   SPI.SP_BACKUP_DATABASE()
 •   SPI.SP_FORCE_APP_BY_TABLE()
Solving Permission Issues

(Diagram: clients call a federated procedure on the federated server; through the node and database catalog the call loops back into the same database, where SQL procedures use the administrative views and table functions.)
Configuring security at the Instance, Federated Server,
and Stored Procedures
 •   Grant execute permissions on federated procedures to users.

 •   Grant permission to SQL procedures only to non client IDs.

 •   Revoke permissions from SYSIBMADM routines and views from public
     and client IDs.

 •   Create a group and ID for each of the instance level security groups.

 •   Create user mappings to use ID with minimum level of authority needed
     to execute command.

 •   Restrict permission on SYSCAT.USEROPTIONS
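An added example, not from the presentation, that walks the checklist above for one a-la-carte privilege, forcing an application, using the wrapper, server, node and mapping names from the earlier slides. The group DEVS, the SYSMAINT-level id SYSMAINTID, the database name SOURCEDB, the dbm cfg values and the password placeholder are assumptions; it is a DB2 CLP script for db2 -tvf.

```sql
-- Added example (not from the presentation). Assumed: group DEVS, id
-- SYSMAINTID (a member of SYSMAINT_GROUP), database SOURCEDB, agent values 200.
-- Run with: db2 -tvf setup.sql

-- 1. Instance: federation on, connection concentrator off (it is off when
--    MAX_CONNECTIONS equals MAX_COORDAGENTS). FEDERATED needs db2stop/db2start.
UPDATE DBM CFG USING FEDERATED YES;
UPDATE DBM CFG USING MAX_COORDAGENTS 200 MAX_CONNECTIONS 200;

-- 2. Loop-back node and database alias, as on the "Create Server" slide.
CATALOG TCPIP NODE SPINODE REMOTE 127.0.0.1 SERVER 50000;
CATALOG DATABASE SOURCEDB AS SPI00001 AT NODE SPINODE;

CONNECT TO SOURCEDB;

-- 3. Wrapper and server. The wrapper must be trusted (DB2_FENCED 'N'),
--    otherwise federated procedures cannot be created on it.
CREATE WRAPPER DRDA OPTIONS (DB2_FENCED 'N');
CREATE SERVER DBATOOLS TYPE DB2/AIX VERSION '9' WRAPPER DRDA
   AUTHORIZATION "INSTID" PASSWORD "INSTPWD"
   OPTIONS (ADD NODE 'SPINODE', ADD DBNAME 'SPI00001');

-- 4. User mapping: client id RANDY does remote work as SYSMAINTID, the lowest
--    instance authority that may FORCE APPLICATION (no SYSADM id needed).
CREATE USER MAPPING FOR RANDY SERVER DBATOOLS
   OPTIONS (REMOTE_AUTHID 'SYSMAINTID', REMOTE_PASSWORD '<sysmaintid-password>');

-- 5. The federated procedure the users call. DBA.SP_FORCE_AGENTID is the SQL
--    procedure on the same database that wraps ADMIN_CMD('FORCE APPLICATION (..)').
CREATE PROCEDURE SPI.SP_FORCE_AGENTID
   SOURCE DBA.SP_FORCE_AGENTID NUMBER OF PARAMETERS 1
   FOR SERVER DBATOOLS
   SPECIFIC SPI_FORCE_AGENTID WITH RETURN TO CLIENT ALL;

-- 6. Privileges: clients may run only the SPI procedure; the DBA source
--    procedure is executable only by the mapped id; the SYSIBMADM view and
--    SYSCAT.USEROPTIONS (which exposes the mappings) are closed to PUBLIC.
--    A REVOKE from PUBLIC fails with SQL0556N if PUBLIC never held the privilege.
GRANT EXECUTE ON PROCEDURE SPI.SP_FORCE_AGENTID TO GROUP DEVS;
REVOKE EXECUTE ON PROCEDURE DBA.SP_FORCE_AGENTID FROM PUBLIC RESTRICT;
GRANT EXECUTE ON PROCEDURE DBA.SP_FORCE_AGENTID TO USER SYSMAINTID;
REVOKE SELECT ON SYSIBMADM.APPLICATIONS FROM PUBLIC;
REVOKE SELECT ON SYSCAT.USEROPTIONS FROM PUBLIC;

-- 7. Verify who can execute each procedure before handing it to users.
SELECT GRANTEE, GRANTEETYPE, SCHEMA, SPECIFICNAME, EXECUTEAUTH
  FROM SYSCAT.ROUTINEAUTH
 WHERE SCHEMA IN ('DBA', 'SPI')
   AND SPECIFICNAME IN ('SP_FORCE_AGENTID', 'SPI_FORCE_AGENTID');

CONNECT RESET;
```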
Summary

 • Grant permissions a la carte by using
    •   Administrative Routines and Views in
    •   SQL Stored Procedure invoked by a
    •   Federated Stored procedure
    •   Defined in a Federated System
Resources

• IBM DB2 Database for Linux, UNIX, and Windows
  Information Center V9.7
  •   http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp



• IBM DB2 Database for Linux, UNIX, and Windows
  Information Center V9.5
  •   http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/index.jsp
DST Systems, Inc.

DST Systems, Inc. provides sophisticated information processing and computer
software services and products that help clients improve productivity, increase
efficiency, and provide higher levels of customer service.
http://www.dstsystems.com/
E-mail webmaster@dstsystems.com
Phone 888.DST.INFO

Celebrating 40 Years of Excellence

Founded in 1969 as a division of Kansas City Southern Industries, DST was
established to develop an automated recordkeeping system for the mutual fund
industry. DST has supported the industry's continued growth and is the largest
provider of third-party shareholder recordkeeping services in the United
States today.

Headquartered in Kansas City, Missouri, DST is a publicly traded company
on the New York Stock Exchange (Symbol DST) that employs approximately
11,000 associates, both domestically and internationally.
QUESTIONS?
Randy Goering
  DST Systems Inc.
rmgoering@gmail.com

  Session Code D12
     May 13, 2010
  2:45 PM – 3:45 PM

Solving the DB2 LUW Administration Dilemma

What Dilemma?

  What's needed                      What's allowed

  • List applications                • Select
  • List locks                       • Insert
  • List utilities                   • Update
  • Take backups                     • Delete
  • Force applications               • Load
  • Quiesce table or tablespace      • Execute

What Dilemma?

DB2 administrative functions are authorized at the instance and database
level by making a user a member of one of the instance or database
authority groups:

  • SYSMON    System monitor authority
  • SYSMAINT  System maintenance authority
  • SYSCTRL   System control authority
  • SYSADM    System administration authority
  • DBADM     Database administration authority
  • SECADM    Security administration authority

Our dilemma has been how to grant certain privileges to our users without
granting them every command in an administrative group. We want to grant
permissions 'a la carte'.

What Dilemma?
Solving Permission Issues (a la carte)

Specific administrative functions can be granted to users individually.

  • Using
      • Administrative routines and views
      • SQL stored procedures
      • Federated stored procedures
  • Eliminating the need to grant
      • SYSADM
      • SYSCTRL
      • SYSMAINT
      • SYSMON
      • DBADM
DB2 9 LUW Security Model Review

Instance Level Authority

The instance-level authorities nest: SYSADM includes SYSCTRL, which includes
SYSMAINT, which includes SYSMON.

  • SYSADM for users managing the instance as a whole
  • SYSCTRL for users administering a database manager instance
  • SYSMAINT for users administering databases within an instance
  • SYSMON for users monitoring the instance and its databases

Instance Level Authority

Instance-level authorities are held only through membership in the groups
named in the database manager configuration; they are not granted in the
database catalog.

  db2 get dbm cfg
    SYSADM group name    (SYSADM_GROUP)   =
    SYSCTRL group name   (SYSCTRL_GROUP)  =
    SYSMAINT group name  (SYSMAINT_GROUP) =
    SYSMON group name    (SYSMON_GROUP)   =

  • db2 update dbm cfg using SYSADM_GROUP = <value>
  • db2 update dbm cfg using SYSCTRL_GROUP = <value>
  • db2 update dbm cfg using SYSMAINT_GROUP = <value>
  • db2 update dbm cfg using SYSMON_GROUP = <value>

SYSMON
  • MONITOR SWITCHES
  • SNAPSHOTS
  • LIST commands for
      • Active databases
      • Applications
      • Database partition groups
      • DCS applications
      • Packages
      • Tables
      • Tablespaces
      • Tablespace containers
      • Utilities

SYSMAINT
  • Backups
  • Restore to an existing database
  • Rollforward recovery
  • Start or stop an instance
  • Quiesce a table space
  • Tracing
  • Database system monitor snapshots
  • Reorganize tables
  • RUNSTATS
  • All SYSMON authorities

SYSCTRL
  • Update a database, node or distributed connection services (DCS) directory
  • Restore to a new or existing database
  • Force users off the system
  • Create or drop a database
  • Create, drop, or alter a table space
  • Use any table space
  • All SYSMAINT and SYSMON authorities

SYSADM
  • Update and restore database manager and database configuration parameters (DBM CFG and DB CFG)
  • Specify the groups that have SYSADM, SYSCTRL, SYSMAINT and SYSMON
  • Grant and revoke table space privileges
  • Upgrade and restore a database
  • All SYSCTRL, SYSMAINT and SYSMON authorities

Database Level Authority
  • SECADM for users managing security
  • DBADM for users administering a database
  • ACCESSCTRL for users who need to grant privileges
  • DATAACCESS for users who need to access data
  • SQLADM for users who monitor and tune SQL queries
  • WLMADM for users who manage workloads
  • EXPLAIN for users who need to explain query plans

SECADM
  • Create, alter, comment on, and drop
      • Audit policies
      • Security label components
      • Security policies
      • Trusted contexts
  • Create, comment on, and drop
      • Roles
      • Security labels
  • Grant and revoke database privileges and authorities
  • Execute audit routines
  • Grant and revoke EXECUTE privilege on audit routines

ACCESSCTRL
  • Grant and revoke the following administrative authorities
      • EXPLAIN
      • SQLADM
      • WLMADM
  • Grant and revoke the following database authorities
      • BINDADD
      • CONNECT
      • CREATETAB
      • CREATE_EXTERNAL_ROUTINE
      • CREATE_NOT_FENCED_ROUTINE
      • IMPLICIT_SCHEMA
      • LOAD
      • QUIESCE_CONNECT
  • Grant and revoke all privileges on the following objects
      • Global variables, indexes, nicknames, packages, routines, schemas
      • Sequences, servers, tables, table spaces, views, XSR objects
  • SELECT privilege on the system catalog tables and views

DATAACCESS
  • For all tables, views, materialized query tables, and nicknames it gives these authorities and privileges
      • LOAD authority on the database
      • SELECT privilege (including system catalog tables and views)
      • INSERT privilege
      • UPDATE privilege
      • DELETE privilege
  • In addition, DATAACCESS authority provides the following privileges
      • EXECUTE on all packages
      • EXECUTE on all routines (except audit routines)

DBADM
  • Create, alter, drop non-security-related database objects
  • Read log files
  • Create, activate, and drop event monitors
  • Query the state of a table space
  • Update log history files
  • Quiesce a table space
  • Reorganize a table
  • Collect catalog statistics using the RUNSTATS utility

SQLADM
  • CREATE EVENT MONITOR
  • DROP EVENT MONITOR
  • EXPLAIN
  • FLUSH EVENT MONITOR
  • FLUSH OPTIMIZATION PROFILE CACHE
  • FLUSH PACKAGE CACHE
  • PREPARE
  • REORG INDEXES/TABLE
  • RUNSTATS
  • SET EVENT MONITOR STATE

WLMADM
  • Create, alter, comment on and drop workload manager objects
  • Grant and revoke workload privileges
  • EXECUTE privilege on the system-defined workload management routines
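Before deciding which functions a user needs a la carte, it helps to see what that user already holds, including the instance-level authorities that only ever arrive through the SYSxxx_GROUP parameters and anything inherited through roles or PUBLIC. The two queries below are an added example, not part of the deck; the authorization ID APPUSER is an assumed name, while SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID and SYSCAT.DBAUTH are standard DB2 9.7 objects.

```sql
-- Added example (not from the deck). APPUSER is an assumed authorization ID.

-- 1. Effective authorities for one ID. D_USER / D_GROUP / D_PUBLIC mean the
--    authority is held directly as the user, through an OS group, or through
--    PUBLIC; ROLE_* means it comes through a role granted to one of those.
--    SYSADM/SYSCTRL/SYSMAINT/SYSMON can only show up under D_GROUP, because
--    they exist solely as the groups named in the dbm cfg.
SELECT AUTHORITY, D_USER, D_GROUP, D_PUBLIC, ROLE_USER, ROLE_GROUP, ROLE_PUBLIC
  FROM TABLE(SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID('APPUSER', 'U')) AS T
 WHERE D_USER = 'Y' OR D_GROUP = 'Y' OR D_PUBLIC = 'Y'
    OR ROLE_USER = 'Y' OR ROLE_GROUP = 'Y' OR ROLE_PUBLIC = 'Y'
 ORDER BY AUTHORITY;

-- 2. Every grantee that holds one of the database-level administrative
--    authorities the deck is trying to stop handing out.
--    GRANTEETYPE: 'U' user, 'G' group, 'R' role.
SELECT GRANTEE, GRANTEETYPE,
       DBADMAUTH, SECURITYADMAUTH, ACCESSCTRLAUTH, DATAACCESSAUTH,
       SQLADMAUTH, WLMADMAUTH, LOADAUTH
  FROM SYSCAT.DBAUTH
 WHERE DBADMAUTH = 'Y' OR SECURITYADMAUTH = 'Y' OR ACCESSCTRLAUTH = 'Y'
    OR DATAACCESSAUTH = 'Y' OR SQLADMAUTH = 'Y' OR WLMADMAUTH = 'Y'
    OR LOADAUTH = 'Y'
 ORDER BY GRANTEETYPE, GRANTEE;
```

Run the first query with 'G' as the second argument to check a group rather than a user. A row with D_GROUP = 'Y' for SYSMON or SYSMAINT is the case the deck is trying to avoid: the user has the authority because of an OS group, and nothing short of removing them from the group takes it away.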
Administrative routines and views

DB2 LUW administrative views provide an easy-to-use application programming
interface to DB2 administrative functions through SQL.

  • A collection of
      • Views
      • Table functions
  • Invoked from
      • An SQL-based application
      • A DB2 command
      • A command script

Categories of Administrative Routines and Views

The solution uses routines in the following categories:
  • Snapshot administrative SQL routines and views
  • The ADMIN_CMD stored procedure and associated administrative SQL routines
  • Monitor routines and views

Snapshot administrative SQL routines and views

Samples of administrative views:
  • APPLICATIONS administrative view
      • Returns information on connected database applications.
  • LOCKS_HELD administrative view
      • Returns information on current locks held.
  • LOCKWAITS administrative view
      • Returns information on locks that are waiting to be granted.
  • LONG_RUNNING_SQL administrative view
      • Returns the longest-running SQL statements in the currently connected database.
  • TOP_DYNAMIC_SQL administrative view
      • Returns the top dynamic SQL statements, sortable by number of executions, average execution time, number of sorts, or sorts per statement.

APPLICATIONS administrative view

  • Returns information on connected database applications.
  • The SQL equivalent of the LIST APPLICATIONS SHOW DETAIL command.

  SELECT AGENT_ID, SUBSTR(APPL_NAME,1,32) AS APPL_NAME,
         SUBSTR(AUTHID,1,32) AS AUTHID, APPL_STATUS
  FROM SYSIBMADM.APPLICATIONS
  FOR READ ONLY WITH UR

  AGENT_ID  APPL_NAME             AUTHID   APPL_STATUS
  --------  --------------------  -------  -----------
  16096     db2wlmd               DBADMIN  CONNECTED
  16095     db2taskd              DBADMIN  CONNECTED
  16108     QuestCentral.exe      DBADMIN  UOWWAIT
  16101     db2evmg_DB2DETAILDEA  DBADMIN  CONNECTED

  Authorization: one of SYSADM, SYSCTRL, SYSMAINT, SYSMON

SNAP_GET_APPL_INFO_V95 table function

  • Table function that returns information about applications from an application snapshot.
  • Examples

  SELECT * FROM TABLE(SNAP_GET_APPL_INFO_V95('dbname')) AS T
      -- applications on the named database
  SELECT * FROM TABLE(SNAP_GET_APPL_INFO_V95('')) AS T
      -- an empty string returns the applications on the current database
  SELECT * FROM TABLE(SNAP_GET_APPL_INFO_V95(NULL)) AS T
      -- NULL returns all applications on the instance

  Authorization: SYSMON, plus EXECUTE privilege on the SNAP_GET_APPL_INFO_V95 table function

LOCKS_HELD administrative view

  SELECT DB_NAME, AGENT_ID, APPL_NAME, AUTHID, TBSP_NAME, TABSCHEMA, TABNAME,
         LOCK_OBJECT_TYPE, LOCK_MODE
  FROM SYSIBMADM.LOCKS_HELD

  DB_NAME   AGENT_ID  APPL_NAME       AUTHID  TBSP_NAME    TABSCHEMA  TABNAME           LOCK_OBJECT_TYPE  LOCK_MODE
  TST00XXX  6004      express_cheese  SWISS   [Null]       [Null]     [Null]            INTERNALV_LOCK    S
  TST00XXX  6004      express_cheese  SWISS   [Null]       [Null]     [Null]            INTERNALP_LOCK    S
  TST00XXX  5267      express_cheese  SWISS   [Null]       [Null]     [Null]            INTERNALP_LOCK    S
  TST00XXX  5267      express_cheese  SWISS   SYSCATSPACE  SYSIBM     SYSUSERAUTH       TABLE_LOCK        IS
  TST00XXX  5266      express_cheese  SWISS   REP          DPS        REP_MAINT         ROW_LOCK          X
  TST00XXX  5266      express_cheese  SWISS   CONTACT      DPS        CONTACT           ROW_LOCK          X
  TST00XXX  5266      express_cheese  SWISS   REP          DPS        REP_ENTITY_AUDIT  ROW_LOCK          X

  Authorization: one of SYSADM, SYSCTRL, SYSMAINT, SYSMON

LOCKWAITS administrative view

  SELECT SUBSTR(A.DB_NAME,1,10) AS DB_NAME, A.SNAPSHOT_TIMESTAMP, A.LOCK_WAIT_START_TIME,
         A.AGENT_ID, SUBSTR(A.AUTHID,1,12) AS AUTHID, A.AGENT_ID_HOLDING_LK,
         SUBSTR(A.APPL_NAME,1,32) AS APPL_NAME,
         SUBSTR(A.TABSCHEMA,1,10) AS "SCHEMA", SUBSTR(A.TABNAME,1,32) AS "TABLE",
         SUBSTR(A.TBSP_NAME,1,32) AS "TABLESPACE",
         A.LOCK_OBJECT_TYPE, A.LOCK_MODE, A.LOCK_MODE_REQUESTED,
         CAST(SUBSTR(B.STMT_TEXT,1,256) AS VARCHAR(256)) AS STMT_TEXT
  FROM SYSIBMADM.LOCKWAITS AS A
       LEFT OUTER JOIN SYSIBMADM.SNAPSTMT AS B ON B.AGENT_ID = A.AGENT_ID
       -- The slide ends at FROM SYSIBMADM.LOCKWAITS and does not show where
       -- alias B comes from; joining SNAPSTMT on AGENT_ID to obtain the
       -- waiting statement's text is an assumption added here.

  Authorization: one of SYSADM, SYSCTRL, SYSMAINT, SYSMON
ADMIN_CMD stored procedure and associated administrative SQL routines

The ADMIN_CMD procedure is used by applications to run administrative
commands through the SQL CALL statement. The procedure currently supports the
following DB2 command line processor (CLP) commands:

  • AUTOCONFIGURE
  • BACKUP (online only)
  • DESCRIBE
  • EXPORT
  • FORCE APPLICATION
  • IMPORT
  • LOAD
  • PRUNE HISTORY/LOGFILE
  • QUIESCE DATABASE
  • QUIESCE TABLESPACES FOR TABLE
  • REDISTRIBUTE
  • REORG INDEXES/TABLE
  • RESET ALERT CONFIGURATION
  • RESET DATABASE CONFIGURATION
  • RESET DATABASE MANAGER CONFIGURATION
  • RUNSTATS
  • UNQUIESCE DATABASE
  • UPDATE DATABASE CONFIGURATION
  • UPDATE DATABASE MANAGER CONFIGURATION
  • UPDATE HEALTH NOTIFICATION CONTACT LIST
  • UPDATE HISTORY

FORCE APPLICATION command using the ADMIN_CMD procedure

  CALL SYSPROC.ADMIN_CMD('force application (6108)')

  Authorization: one of SYSADM, SYSCTRL, SYSMAINT

BACKUP DATABASE command using the ADMIN_CMD procedure

  CALL SYSPROC.ADMIN_CMD('backup db dbasamp1 online use tsm')

  Authorization: one of SYSADM, SYSCTRL, SYSMAINT

QUIESCE TABLESPACES FOR TABLE command using the ADMIN_CMD procedure

  CALL SYSPROC.ADMIN_CMD('quiesce tablespaces for table H9X exclusive')

  Authorization: one of SYSADM, SYSCTRL, SYSMAINT, DBADM, LOAD
Creating a SQL Stored Procedure to execute an administrative function

Types of Procedures
  • SQL
      • Written in SQL and defined on the current database.
  • Sourced
      • A procedure that references a source procedure (SQL).
      • Also known as a federated procedure.
      • Defined on the current or a remote database.
  • External
      • Written in a programming language.

SQL Procedure Definitions
  • CREATE statement
      • Procedure name
      • Parameter list
      • Options
      • SQL body
  • Authorization to create: one of
      • IMPLICIT_SCHEMA
      • CREATEIN
      • DBADM
  • The definer must also hold the privileges needed to execute all SQL contained in the procedure.

Create Procedure Statement

  CREATE PROCEDURE procedure-name
      ( IN | OUT | INOUT parameter-name data-type default-clause, ... )
      option-list
      SQL-procedure-body

  CREATE PROCEDURE SP_FORCE_APP (IN VAGENT CHAR(16))

SQL Procedure Options
  • SPECIFIC unique_name
  • DYNAMIC RESULT SETS integer
  • LANGUAGE SQL
  • CALLED ON NULL INPUT
  • EXTERNAL ACTION
  • OLD SAVEPOINT LEVEL
  • INHERIT SPECIAL REGISTERS
  • CONTAINS SQL, READS SQL DATA, MODIFIES SQL DATA

  CREATE PROCEDURE SP_FORCE_APP (IN VAGENT CHAR(16))
    SPECIFIC DBA.SP_FORCE_AGENTID
    LANGUAGE SQL
    CONTAINS SQL

SQL Procedure Body

  BEGIN
    Variable declarations
    Condition declarations
    Cursor declarations
    Condition handler declarations
    Assignment
    Flow of control
    SQL statements and other compound statements
  END

SQL Procedure Execution
  • An SQL procedure is invoked with the CALL statement:
      • Passing of parameters
      • Receiving of parameters
      • Result sets returned
  • SQL procedures can be invoked from:
      • An embedded SQL client application
      • An external routine (procedure, UDF, or method)
      • An SQL routine (procedure, UDF, or method)
      • An SQL trigger (BEFORE TRIGGER, AFTER TRIGGER, or INSTEAD OF TRIGGER)
      • An SQL dynamic compound statement
      • The Command Line Processor (CLP)
  • Examples
      • CALL DBA.SP_FORCE_APP('21235')
      • CALL DBA.SP_LIST_APPLICATIONS()

SQL Procedures

Examples of SQL procedures. These are called by the federated procedures only.
  • DBA.SP_LIST_APPLICATIONS()
  • DBA.SP_LIST_LOCKWAITS()
  • DBA.SP_FORCE_AGENTID()
  • DBA.SP_GET_CURRENT_AGENTID()
  • DBA.SP_FORCE_BACKUP()
  • DBA.SP_CHECK_UTILITY_STATUS()
  • DBA.SP_BACKUP_DATABASE()
  • DBA.SP_FORCE_APP_BY_TABLE()

SP_LIST_APPLICATIONS using an administrative view

The slide shows the body with {OPTIONS} and {DECLARE} placeholders; the
options below are taken from the option list above and the declarations are
the two the body needs, the variable DB and the cursor C1.

  CREATE PROCEDURE DBA.SP_LIST_APPLICATIONS ()
    SPECIFIC DBA.SP_LIST_APPLICATIONS
    DYNAMIC RESULT SETS 1
    LANGUAGE SQL
    READS SQL DATA
  BEGIN
    DECLARE DB VARCHAR(128);
    -- WITH RETURN hands the open cursor back to the caller as a result set
    DECLARE C1 CURSOR WITH RETURN FOR
      SELECT AGENT_ID, SUBSTR(APPL_NAME,1,32) AS APPL_NAME,
             SUBSTR(AUTHID,1,32) AS AUTHID, APPL_STATUS, APPL_ID
      FROM SYSIBMADM.APPLICATIONS
      WHERE DB_NAME = DB
      FOR READ ONLY WITH UR;
    -- the cursor reads DB when it is opened, so assign it first
    VALUES CURRENT SERVER INTO DB;
    OPEN C1;
  END

SP_LIST_APPLICATIONS using a table function

  CREATE PROCEDURE DBA.SP_LIST_ALL_APPLICATIONS (IN VDBNAME VARCHAR(128))
    SPECIFIC DBA.SP_LST_ALL_APPLICATIONS
    DYNAMIC RESULT SETS 1
    LANGUAGE SQL
    READS SQL DATA
  BEGIN
    -- system applications and the instance owner's own connections are
    -- filtered out so users only see work they might need to act on
    DECLARE C1 CURSOR WITH RETURN FOR
      SELECT SNAPSHOT_TIMESTAMP, SUBSTR(DB_NAME,1,10) AS DB_NAME,
             CAST(AGENT_ID AS CHAR(10)) AS AGENT_ID,
             SUBSTR(APPL_NAME,1,24) AS APPL_NAME,
             SUBSTR(PRIMARY_AUTH_ID,1,10) AS PRIMARY_AUTH_ID,
             SUBSTR(APPL_STATUS,1,12) AS APPL_STATUS,
             SUBSTR(CLIENT_NNAME,1,16) AS CLIENT_NNAME
      FROM TABLE(SNAP_GET_APPL_INFO_V95(VDBNAME)) AS T
      WHERE IS_SYSTEM_APPL = 0
        AND PRIMARY_AUTH_ID NOT IN (SELECT UPPER(INST_NAME) FROM SYSIBMADM.ENV_INST_INFO)
      FOR READ ONLY WITH UR;
    OPEN C1;
  END
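The deck's SP_FORCE_APP takes the agent id as CHAR(16) and the CALL on the execution slide passes it as a string. If that string is concatenated straight into the ADMIN_CMD command, the procedure inherits everything FORCE APPLICATION accepts: 'ALL' or a comma-separated list, so a caller could force every connection rather than the one they meant. The procedure below is an added example, not code from the deck: DBA.SP_FORCE_APP_SAFE and the SQLSTATE 75001 are assumed names; SNAP_GET_APPL_INFO_V95, SYSIBMADM.ENV_INST_INFO and SYSPROC.ADMIN_CMD are the same objects the deck uses. It types the parameter as BIGINT, reuses the deck's own eligibility filter from SP_LIST_ALL_APPLICATIONS, and refuses anything that is not a user application on the current database. It deliberately does not test SESSION_USER: in the loop-back design the procedure runs under the mapped DBA connection, so the session user inside it is the DBA, not the caller.

```sql
-- Added example (not from the deck). DBA.SP_FORCE_APP_SAFE is an assumed name.
-- Create it from the CLP with an alternate statement terminator (db2 -td@),
-- since the body contains semicolons.
CREATE PROCEDURE DBA.SP_FORCE_APP_SAFE (IN VAGENT BIGINT)
  SPECIFIC DBA.SP_FORCE_APP_SAFE
  LANGUAGE SQL
  MODIFIES SQL DATA   -- required: ADMIN_CMD is itself declared MODIFIES SQL DATA
BEGIN
  DECLARE VCOUNT INTEGER DEFAULT 0;

  -- Same filter as the deck's SP_LIST_ALL_APPLICATIONS, restricted to the
  -- current database (empty string): the target must be a non-system
  -- application and must not belong to the instance owner, which keeps
  -- db2taskd, db2wlmd, event monitors and running backups out of reach.
  SELECT COUNT(*) INTO VCOUNT
    FROM TABLE(SNAP_GET_APPL_INFO_V95('')) AS T
   WHERE T.AGENT_ID = VAGENT
     AND T.IS_SYSTEM_APPL = 0
     AND T.PRIMARY_AUTH_ID NOT IN
         (SELECT UPPER(INST_NAME) FROM SYSIBMADM.ENV_INST_INFO);

  IF VCOUNT = 0 THEN
    -- 75001 is an assumed application SQLSTATE; the caller sees it as an error
    SIGNAL SQLSTATE '75001'
      SET MESSAGE_TEXT = 'Agent is not a user application on this database';
  END IF;

  -- VAGENT is numeric, so the only command string that can reach ADMIN_CMD is
  -- 'force application (<digits>)': no ALL, no second agent id, no other verb.
  CALL SYSPROC.ADMIN_CMD('force application (' || RTRIM(CHAR(VAGENT)) || ')');
END@
```

Two caveats a practitioner should keep in mind. The check and the force are not atomic: FORCE APPLICATION through ADMIN_CMD is asynchronous and agent ids are reused after a disconnect, so a stale id in the small window between the SELECT and the CALL can hit a new connection. And because the deck's design routes every user through one mapped DBA identity, anyone holding EXECUTE on the federated wrapper of this procedure can force any eligible application, not only their own; if that is too broad, pass the caller's authorization ID from the federated layer as a parameter and add it to the WHERE clause, accepting that it is caller-supplied.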
  • 45. Setting up a loop back federated database
  • 46. Federation • Unites multiple databases or data sources. Definition • Acts like a central database. fed·er·ate – verb – 1. to unite. • Each database or data source remains independent. Definition fed·er·a·tion - noun – 1. the act of federating or uniting. 2. the formation of a political unity, with a central government, by a number of separate states, each of which retains control of its own internal affairs.
  • 47. Federation Benefits • Correlate data from local tables and remote data sources, as if all the data is stored locally in the federated database. • Update data in relational data sources, as if the data is stored in the federated database. • Move data to and from relational data sources. • Take advantage of the data source processing strengths, by sending requests to the data sources for processing. • Compensate for SQL limitations at the data source by processing parts of a distributed request at the federated server.
  • 48. Heterogeneous Federation • Federation between DB2 family and Informix data sources. • Federation between non DB2 Relational Database Systems. • Federation between non relational data sources. • Access to non DB2 family data sources requires IBM InfoSphere Federation Server.
  • 49. Components of heterogeneous DB2 federated system
  • 50. Homogeneous Federation Federation between DB2 LUW and other DB2 family and Informix data sources only. • Available in: • DB2 Enterprise Server Edition • DB2 Workgroup Server Edition • DB2 Express Edition • No additional software or licenses required.
  • 51. Components of homogeneous DB2 federated system [Figure: a Source DB and a Target DB, both DB2 Family, linked over DRDA; labelled components are Nicknames, User Mappings, and Wrappers and Functions. Sample queries shown: SELECT SDB.COL1 FROM SDB.TB1; SELECT TDB.COL1 FROM TDB.TB2; SELECT SDB.COL1, TDB.COL1 FROM SDB.TB1 AS SDB, TDB.TB2 AS TDB]
  • 52. Federation System • DB2 instance that operates as a federated server. • DB2 database that acts as the federated database. • One or more data sources. • Clients (users and applications) that access the database and data sources.
  • 53. Components of a loop back DB2 federated system • One DB2 Database Manager Instance. • One DB2 Database. • One Data Source. • Multiple SQL Procedures. • Multiple Federated Procedures. [Figure: the Source Database and the Target Database are the same DB2 Family database; labelled components are SQL Procedures, Federated Procedures, User Mappings, Wrappers and Functions, and DRDA]
  • 54. The Federated Server • The DB2 instance that manages the federated system is called a server because it responds to requests from end users and client applications. • Any number of DB2 instances can be configured to function as federated servers. • Application processes connect and submit requests to the database within the federated server. • A federated server is configured to receive requests that might be partially or entirely intended for data sources. The federated server distributes these requests to the data sources. • A federated server uses DRDA communication protocols (over TCP/IP) to communicate with DB2 family instances. • A federated server also uses the native client of the data source to access the data source. For example, a federated server uses the Sybase Open Client to access Sybase data sources and a Microsoft® SQL Server ODBC Driver to access Microsoft SQL Server data sources.
  • 55. Configuring the Federated Server • Configure at the instance by updating the Database Manager Configuration parameter. • FEDERATED • DB2 UPDATE DATABASE MANAGER CONFIGURATION USING FEDERATED YES • CONNECTION CONCENTRATOR • Federated database system support and the concentrator feature cannot be active at the same time. • The concentrator must be off, which is done by setting • MAX_CONNECTIONS = MAX_COORDAGENTS
  • 56. The Federated Database • System catalog contains entries that identify data sources and their characteristics. • The federated server consults the system catalog and the data source wrapper to determine the best plan for processing SQL statements. • The federated system processes SQL statements as if the data from the data sources were ordinary relational tables or views within the federated databases. • The federated system can correlate relational data with data in non-relational formats. • The characteristics of the federated database take precedence when there are differences between the characteristics of the federated database and the characteristics of the data sources. • Query results conform to DB2 semantics, even if data from other non-DB2 data sources is used to compute the query result. • A federated database is a database with one or more data sources defined.
  • 57. The Data Source • A data source is data that resides outside of the federated database. • A data source can be a relational database or a non-relational data type. • A federated system does not monopolize or restrict access to the other data sources, beyond integrity and locking constraints. • The method, or protocol, used to access a data source depends on the type of data source. • The data source is accessed via a data source wrapper.
  • 58. Data Source Wrapper • Wrappers are mechanisms by which the federated database interacts with data sources. • You create one wrapper for each type of data source that you want to access. • These routines allow the federated database to perform operations such as connecting to a data source and retrieving data from it iteratively. • The federated server provides connectivity to DB2 data sources by using the open DRDA protocol. • This support is equivalent to that provided by the DB2 Connect server. • You can use the DRDA wrapper with all DB2 family data source objects: DB2 Database for Linux, UNIX, and Windows, DB2 for z/OS, DB2 for System i, and DB2 Server for VM and VSE.
  • 59. Create Data Source Wrapper • DB2 CREATE WRAPPER DRDA OPTIONS (DB2_FENCED 'N') • You can register a wrapper as fenced or trusted using the DB2_FENCED wrapper option. • FENCED - processes that are separate from the database agent. • NOT_FENCED – processes that are within the database agent. • The sourced (federated) procedure cannot be created or invoked using a wrapper defined as fenced. Authorizations: one of SYSADM, DBADM
  • 60. Create Server Definition • Use the CREATE SERVER statement to register DB2 data source definitions. • A server definition for relational data sources usually represents a remote database. • CREATE SERVER "DBATOOLS" TYPE DB2/AIX VERSION '9' WRAPPER "DRDA" AUTHORIZATION "INSTID" PASSWORD "INSTPWD" OPTIONS(ADD NODE 'SPINODE', ADD DBNAME 'SPI00001') • Catalog node and database • db2 catalog tcpip node SPINODE REMOTE 127.0.0.1 SERVER 50000 • db2 catalog database SOURCEDB AS SCPI0001 AT NODE SPINODE Authorizations: one of SYSADM, DBADM
  • 61. Create User Mappings • A user mapping is an association between an authorization ID on the federated server and the information that is required to connect to the remote data source. • CREATE USER MAPPING FOR "RANDY" SERVER DBATOOLS OPTIONS (REMOTE_AUTHID 'SYSADMID', REMOTE_PASSWORD mypasswd1) This is the key to our solution. By mapping a user's ID to an ID with the authority to execute administrative commands we can provide authorities a la carte.
  • 62. Creating a Federated Stored Procedure
  • 63. Create Federated Procedure • A Federated Procedure is a procedure on the federated database that executes a SQL procedure on the data source. • Authorization • IMPLICIT_SCHEMA • CREATEIN • DBADM • Must also have permissions to execute all SQL contained in procedure
  • 64. Create Federated Procedure • Syntax • CREATE PROCEDURE procedure-name [source-procedure-clause] [option-list] where source-procedure-clause is SOURCE source-object-name NUMBER OF PARAMETERS integer FOR SERVER server-name Example CREATE PROCEDURE SPI.SP_LIST_APPLICATIONS SOURCE DBA.SP_LIST_APPLICATIONS NUMBER OF PARAMETERS 0 FOR SERVER DBSERV WITH RETURN TO CLIENT ALL
  • 65. Federated procedures • SPI.SP_LIST_APPLICATIONS() CREATE PROCEDURE SP_LIST_APPLICATIONS SOURCE DBA.SP_LIST_APPLICATIONS NUMBER OF PARAMETERS 0 FOR SERVER DBATOOLS SPECIFIC SPI_LIST_APPLICATIONS WITH RETURN TO CLIENT ALL • SPI.SP_FORCE_AGENTID CREATE PROCEDURE SP_FORCE_AGENTID SOURCE DBA.SP_FORCE_AGENTID NUMBER OF PARAMETERS 1 FOR SERVER DBATOOLS SPECIFIC SPI_FORCE_AGENTID WITH RETURN TO CLIENT ALL
  • 66. Federated procedures Example Federated Procedures. Schema is SPI (Solving Permission Issues). Called by the Users: • SPI.SP_LIST_APPLICATIONS() • SPI.SP_LIST_LOCKWAITS() • SPI.SP_FORCE_AGENTID() • SPI.SP_LIST_LOCKWAITS() • SPI.SP_GET_CURRENT_AGENTID() • SPI.SP_FORCE_BACKUP() • SPI.SP_CHECK_UTILITY_STATUS() • SPI.SP_BACKUP_DATABASE() • SPI.SP_FORCE_APP_BY_TABLE()
  • 67. Solving Permission Issues [Figure: Clients call a Federated Procedure; through the Node, the Federated Server connects to the Database, whose Catalog holds the Adm. Views, SQL Procedure and Table Func.]
  • 68. Configuring security at the Instance, Federated Server, and Stored Procedures • Grant execute permissions on federated procedures to users. • Grant permission to SQL procedures only to non client IDs. • Revoke permissions from SYSIBMADM routines and views from public and client IDs. • Create a group and ID for each of the instance level security groups. • Create user mappings to use ID with minimum level of authority needed to execute command. • Restrict permission on SYSCAT.USEROPTIONS
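  The whole procedure from slides 55 through 68 as one DB2 CLP script, an added example that is not part of the deck. Node SPINODE, alias SPI00001, server DBATOOLS, instance ID INSTID/INSTPWD, client ID RANDY and the DBA/SPI schemas follow the slides; database SOURCEDB on port 50000, the administrative ID DBAID/DBAPWD used in the mapping, and the 400-agent values are assumptions, and the DECLARE section of DBA.SP_LIST_APPLICATIONS is written out rather than elided as on slide 43.

```sql
-- Added example (not from the slides): loop-back federated setup on one
-- DB2 9.5/9.7 LUW instance. Run as the instance owner with
--   db2 -td@ -vf loopback.sql
-- Constructed names: SOURCEDB, DBAID/DBAPWD, 400 coordinating agents.

-- 1. Instance level (slide 55). Federation cannot coexist with the
--    connection concentrator, so MAX_CONNECTIONS must equal MAX_COORDAGENTS.
--    FEDERATED is not dynamic, so the instance is recycled afterwards.
UPDATE DATABASE MANAGER CONFIGURATION USING MAX_COORDAGENTS 400@
UPDATE DATABASE MANAGER CONFIGURATION USING MAX_CONNECTIONS 400@
UPDATE DATABASE MANAGER CONFIGURATION USING FEDERATED YES@
STOP DATABASE MANAGER@
START DATABASE MANAGER@

-- 2. Catalog the same database under a second alias so the federated
--    server can connect back to it over TCP/IP (slide 60).
CATALOG TCPIP NODE SPINODE REMOTE 127.0.0.1 SERVER 50000@
CATALOG DATABASE SOURCEDB AS SPI00001 AT NODE SPINODE@

CONNECT TO SOURCEDB USER INSTID USING INSTPWD@

-- 3. Wrapper and server definition (slides 59 and 60). DB2_FENCED must be
--    'N': a federated procedure cannot use a fenced wrapper (SQL1376N).
--    TYPE names the platform of the target; the deck uses DB2/AIX.
CREATE WRAPPER DRDA OPTIONS (DB2_FENCED 'N')@
CREATE SERVER DBATOOLS TYPE DB2/AIX VERSION '9' WRAPPER DRDA
  AUTHORIZATION "INSTID" PASSWORD "INSTPWD"
  OPTIONS (ADD NODE 'SPINODE', ADD DBNAME 'SPI00001')@

-- 4. Source SQL procedure (slide 43 with its DECLARE section written out).
--    It runs under the mapped remote ID, not under the caller's ID.
CREATE PROCEDURE DBA.SP_LIST_APPLICATIONS ()
  SPECIFIC DBA.SP_LIST_APPLICATIONS
  LANGUAGE SQL
  READS SQL DATA
  DYNAMIC RESULT SETS 1
BEGIN
  DECLARE DB VARCHAR(128);
  DECLARE C1 CURSOR WITH RETURN TO CLIENT FOR
    SELECT AGENT_ID,
           SUBSTR(APPL_NAME, 1, 32) AS APPL_NAME,
           SUBSTR(AUTHID, 1, 32)    AS AUTHID,
           APPL_STATUS,
           APPL_ID
      FROM SYSIBMADM.APPLICATIONS
     WHERE DB_NAME = DB
       FOR READ ONLY WITH UR;
  VALUES CURRENT SERVER INTO DB;   -- only this database's applications
  OPEN C1;
END@

-- 5. Federated procedure the clients call (slide 65). It can only invoke
--    the source procedure and passes parameters and result sets through.
CREATE PROCEDURE SPI.SP_LIST_APPLICATIONS
  SOURCE DBA.SP_LIST_APPLICATIONS
  NUMBER OF PARAMETERS 0
  FOR SERVER DBATOOLS
  SPECIFIC SPI_LIST_APPLICATIONS
  WITH RETURN TO CLIENT ALL@

-- 6. User mapping (slide 61). RANDY is mapped to DBAID, an ID that holds
--    only what SYSIBMADM.APPLICATIONS needs (SYSMON plus CONNECT), so the
--    mapping grants one capability, not SYSADM.
CREATE USER MAPPING FOR RANDY SERVER DBATOOLS
  OPTIONS (REMOTE_AUTHID 'DBAID', REMOTE_PASSWORD 'DBAPWD')@

-- 7. Security (slide 68). In a non-restrictive database PUBLIC implicitly
--    receives EXECUTE on a new procedure, so take it back from the source
--    procedure and expose only the federated one. The mapping stores an
--    encrypted password in SYSCAT.USEROPTIONS, so restrict that view too.
REVOKE EXECUTE ON PROCEDURE DBA.SP_LIST_APPLICATIONS FROM PUBLIC@
GRANT  EXECUTE ON PROCEDURE DBA.SP_LIST_APPLICATIONS TO USER DBAID@
GRANT  EXECUTE ON PROCEDURE SPI.SP_LIST_APPLICATIONS TO USER RANDY@
REVOKE SELECT  ON SYSIBMADM.APPLICATIONS FROM PUBLIC@
REVOKE SELECT  ON SYSCAT.USEROPTIONS FROM PUBLIC@

-- 8. RANDY, holding no instance-level authority, can now run
--    CALL SPI.SP_LIST_APPLICATIONS() and nothing else administrative.
CONNECT RESET@
```

  The CATALOG and UPDATE lines are CLP commands, not SQL, so the script must be fed to the db2 command processor rather than an ODBC/JDBC client.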
  • 69. Summary • Grant permissions a la carte by using • Administrative Routines and Views in • SQL Stored Procedure invoked by a • Federated Stored procedure • Defined in a Federated System
  • 70. Resources • IBM DB2 Database for Linux, UNIX, and Windows Information Center V9.7 • http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp • IBM DB2 Database for Linux, UNIX, and Windows Information Center V9.5 • http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/index.jsp
  • 71. DST Systems, Inc. DST Systems, Inc. provides sophisticated information processing and computer software services and products that help clients improve productivity, increase efficiency, and provide higher levels of customer service. http://www.dstsystems.com/ E-mail webmaster@dstsystems.com Phone 888.DST.INFO Founded in 1969 as a division of Kansas City Southern Industries, DST was established to develop an automated recordkeeping system for the mutual fund industry. DST has supported the industry's continued growth and is the largest provider of third-party shareholder recordkeeping services in the United States today. Headquartered in Kansas City, Missouri, DST is a publicly traded company on the New York Stock Exchange (Symbol DST) that employs approximately 11,000 associates, both domestically and internationally. [Logo: Celebrating 40 Years of Excellence]
  • 73. Randy Goering DST Systems Inc. rmgoering@gmail.com Session Code D12 May 13, 2010 2:45 PM – 3:45 PM

Editor's Notes

  1. To determine what administrative groups you have defined you would use the db2 get dbm cfg command. These values can be set with the db2 update dbm cfg using <keyword> <value> command. For <value> you would use the defined Linux, Unix or Windows user group for the users that you want to have these permissions. On Linux and Unix the /etc/group file is a text file that defines the groups to which users belong. Under Unix and Linux multiple users can be categorized into groups. On Linux and Unix /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc.
  2. SYSCTRL authority is the highest level of system control authority. This authority provides the ability to perform maintenance and utility operations against the database manager instance and its databases. These operations can affect system resources, but they do not allow direct access to data in the databases. System control authority is designed for users administering a database manager instance containing sensitive data. SYSCTRL authority is assigned to the group specified by the sysctrl_group configuration parameter. If a group is specified, membership in that group is controlled outside the database manager through the security facility used on your platform.
  3. Starting with DB2 8.1 for Linux, UNIX, Windows, DB2 provided a set of system-defined procedures and functions within the SYSPROC, SYSFUN and SYSTOOLS schemas. In DB2 9.1 for Linux, UNIX, Windows, the ADMIN_CMD was added as an administrative routine. In DB2 9.5 for Linux, UNIX, Windows, new administrative views were added that provide an easy-to-use application programming interface to DB2 administrative functions through SQL.
  4. The SNAP_GET_APPL_INFO_V95 table function returns the same information as the SNAPAPPL_INFO administrative view, but allows you to retrieve the information for a specific database. Used with the SNAP_GET_AGENT, SNAP_GET_AGENT_MEMORY_POOL, SNAP_GET_APPL_V95, SNAP_GET_STMT and SNAP_GET_SUBSECTION table functions, the SNAP_GET_APPL_INFO_V95 table function provides information equivalent to the GET SNAPSHOT FOR ALL APPLICATIONS CLP command, but retrieves data from all database partitions. Additional columns not included in the view: CODEPAGE_ID, AUTHORITY_LVL, TERRITORY_CODE, SESSION_AUTH_ID, INPT_DB_ALIAS, DB_PATH, EXECUTION_ID, CORR_TOKEN.
  5. The ADMIN_CMD procedure is used by applications to run administrative commands using the SQL CALL statement. Some commands might have slightly different supported syntax when executed through the ADMIN_CMD procedure. For all commands executed through the ADMIN_CMD, the user ID that established the connection to the database is used for authentication. Any additional authority required, for example, for commands that need file system access on the database server, is documented in the reference information describing the command. This procedure cannot be called from a user-defined function or a trigger.
  6. Forces local or remote users or applications off the system to allow for maintenance on a server. Attention: If an operation that cannot be interrupted (RESTORE DATABASE, for example) is forced, the operation must be successfully re-executed before the database becomes available. Required connection: Instance. To force users off a remote server, it is first necessary to attach to that server. If no attachment exists, this command is executed locally. FORCE APPLICATION ALL: All applications will be disconnected from the database. application-handle: Specifies the agent to be terminated. List the values using the LIST APPLICATIONS command. MODE ASYNC: The command does not wait for all specified users to be terminated before returning; it returns as soon as the function has been successfully issued or an error (such as invalid syntax) is discovered. This is the only mode that is currently supported. To preserve database integrity, only users who are idling or executing interruptible database operations can be terminated. The following types of users and applications cannot be forced: users creating a database, and system applications. In order to successfully force these types of users and applications, the database must be deactivated and/or the instance restarted.
  7. Creates a backup copy of a database or a table space.
  8. Quiesces table spaces for a table.
  9. A stored procedure is a user-written application program that is stored on the database server and runs inside the database. Stored procedures are typically used to implement custom code that executes on the database.
  10. The CALL statement is an SQL statement that enables the procedure invocation, the passing of parameters to the procedure, and the receiving of parameters returned from the procedure.
  11. These are samples of the SQL procedures that we are using for our client and application support groups. For the source SQL procedures we use a schema named DBA. For our sourced (federated) procedures we use a schema named SPI.
  12. The SYSIBMADM.APPLICATIONS view can be used to get information about applications in the database.
  13. This SP_LIST_APPLICATIONS SQL stored procedure example uses the SNAP_GET_APPL_INFO_V95 table function. By using the table function we can have the SQL procedure return different results. With this procedure we can display the applications running in the current database by either specifying the database name or passing an empty string (e.g. ''). When a value of NULL is passed to the procedure, the table function will return applications running in all of the databases in the same instance as the database that this procedure is executing in. We are also taking advantage of the IS_SYSTEM_APPL column to only return user applications and exclude any system applications, which typically start with db2. We are also using the SYSIBMADM.ENV_INST_INFO view to get information about the instance, specifically the instance name; in this way we can exclude any applications that are being run by the instance ID.
  14. Federation is most typically set up between a source database and a remote database. Our solution will use one database as both the source and the remote database.
  15. If you purchase and install IBM InfoSphere Federation Server you will have the ability to access these types of data sources. The IBM InfoSphere Federation Server product is not required if accessing DB2 Family data sources.
  16. This functionality is available in the DB2 database product as of DB2 Version 9.5 Fix Pack 3b. If you are using DB2 Version 9.5 Fix Pack 3 or earlier, you do not need to purchase an additional feature for this functionality; the license terms are no longer enforced in this scenario. It is nonetheless recommended that you install Fix Pack 4 (or later fix packs) to be compliant with the new licensing for this DB2 feature.
  17. Homogeneous federation provides the ability to create nicknames across members of the IBM relational database server family. This allows you to develop applications across DB2 and Informix tables that reside on different platforms without concern for their location. For example, you can use this feature to easily create an application that performs a join of data that resides on DB2 for iSeries with data running on DB2 for Linux on System z, or Informix, and so on. If you wanted to federate a query across non-IBM database servers (for example, Oracle, SQL Server, etc.), or leverage the benefits of queue-based replication, you would need to purchase IBM InfoSphere Federation Server.
  18. A federated system is a special type of Database Management System (DBMS) consisting of a DB2 instance that operates as a federated server, a database that acts as the federated database, one or more data sources and users that access the database and data sources. With a federated system, you can send distributed requests to multiple data sources within a single SQL statement. For example, you can join data that is located in a DB2 table, an Oracle table, and an XML tagged file in a single SQL statement. The following figure shows the components of a federated system and a sample of the data sources you can access. The federated server is a database manager instance. You can use an existing DB2 instance as your federated server or create a new one specifically for the federated system. Federated systems can include data sources such as Oracle or Sybase. In our solution we will be using a DB2 federated server with our database as the DB2 data source.
  19. A loop back federated system is a homogeneous federation system using only one DB2 database instance and one DB2 database. The use of nicknames is not needed since all of the data resides in the database. You can implement any number of SQL procedures and federated procedures to allow execution of commands not typically granted to users.
  20. You configure your DB2 instance to be a federated server by updating the Database Manager Configuration parameter FEDERATED to YES. Before turning on federation the connection concentrator must be turned off. If the concentrator is on, change the value of MAX_CONNECTIONS so that it equals MAX_COORDAGENTS:
  db2 get dbm cfg | grep MAX
  Max number of coordinating agents (MAX_COORDAGENTS) = AUTOMATIC(400)
  Max number of client connections (MAX_CONNECTIONS) = AUTOMATIC(MAX_COORDAGENTS)
  21. You must register a wrapper to access DB2 family data sources. The federated server uses the wrapper to communicate with and retrieve data from the data source. A wrapper is implemented as a set of library files. The default wrapper name for the DB2 family data sources is DRDA. The DB2_FENCED option is required. It specifies whether the wrapper runs in fenced mode or in trusted mode. Valid values are Y and N. The default is N; the wrapper runs in trusted mode. The sourced procedure (federated procedure) cannot be created or invoked using a wrapper defined as fenced: SQL1376N - Creating or invoking a federated procedure using a wrapper defined as fenced is not supported. SQLSTATE=55069
  22. The federated server requires authorization and password information to connect to each DB2 server. The CREATE SERVER statement defines a data source to a federated database. In this statement, the term SERVER and the parameter names that start with server refer only to data sources in a federated system. They do not refer to the federated server in such a system. The privileges held by the authorization ID of the statement must include SYSADM or DBADM authority. This authorization ID is not used when establishing subsequent connections to the server, as it is only used to define the data source. Syntax: CREATE SERVER "server" TYPE DB2/AIX VERSION 9 WRAPPER "DRDA" AUTHORIZATION "<supply userid>" PASSWORD "<supply password>" OPTIONS (ADD DBNAME 'dbname', ADD NODE 'node_name'). DBNAME is required: the alias for the DB2 database that you want to access. You defined this alias when you cataloged the database using the CATALOG DATABASE command. This value is case sensitive. Although the database name variable is specified as an option in the CREATE SERVER statement, it is required for DB2 data sources.
  23. A user mapping is an association between an authorization ID on the federated server and the information that is required to connect to the remote data source. By mapping a user's ID to an ID that holds the required authority (SYSADM, SYSCTRL, SYSMAINT, SYSMON) we are able to give our user the ability to run administrative commands via a stored procedure. This mapping is only available for the commands that we expose through the federated stored procedure. It does not give our users the ability to execute any other commands. When users call the federated stored procedure the federated server performs these steps:
  • Retrieves Randy's user mapping
  • Decrypts the remote password 'remote_pw' that is associated with the remote server
  • Calls the wrapper to connect to the remote server
  • Passes the remote ID 'remote_ID' and the decrypted remote password to the wrapper
  • Creates a connection to the remote server for SYSADM
  By default, the federated server stores user mappings in the SYSCAT.USEROPTIONS view in the global catalog and encrypts the remote passwords. As an alternative, you can use an external repository, for example a file or an LDAP server, to store user mappings. To provide the interface between the federated server and the external repository, you create a user mapping plug-in. No matter how you store user mappings, carefully restrict access to them. If user mappings are compromised, data in the remote databases may be vulnerable to unauthorized activity.
  24. A stored procedure is a user-written application program that is stored on the database server and runs inside the database. Stored procedures are typically used to implement custom code that executes on the database. A Federated Stored Procedure is a procedure used to invoke a SQL procedure on a Data Source.
  25. A federated procedure is a federated database object that references a procedure on a data source. Because the federated procedure is a federated database object, users and client applications can invoke the data source procedure via a federated procedure. The results of the data source procedure, such as the output parameters, are returned by the federated procedure. Using a federated procedure makes the location of the database procedure transparent to users and client applications. You use the name of the federated procedure to call the data source procedure.
  26. These are samples of the federated procedures that we are using for our client and application support groups. A federated procedure is a simple procedure that only invokes a SQL procedure on a data source. A federated procedure cannot execute any other statements. It passes all parameters to the SQL procedure and returns any parameters, or results, to the application that called the federated procedure.
  27. These are samples of the federated procedures that we are using for our client and application support groups.I don’t have space or time to walk through each one but if you email me I can share them with you.
  28. The client connects to the database and invokes a federated procedure. The federated procedure will use the federated server definition and data source wrapper to connect back to the database with an ID that has the necessary authority to run the source procedure and the embedded administrative commands:
  • Retrieves Randy's user mapping
  • Decrypts the remote password 'remote_pw' that is associated with the remote server
  • Calls the wrapper to connect to the remote server
  • Passes the remote ID 'remote_ID' and the decrypted remote password to the wrapper
  • Creates a connection to the remote server for SYSADM
  The SQL procedure that was defined in the federated procedure is executed using the authorization defined in the user mapping. The results are returned to the federated procedure and then to the client.
  29. Grant permissions on the federated procedures only to users that you want to have the authority to run the source procedures that perform administrative functions. Only the IDs that have SYSADM, SYSCTRL, SYSMAINT and SYSMON should be granted permission on the source procedures that contain the SQL administrative views and table functions. Only the IDs that have SYSADM, SYSCTRL, SYSMAINT and SYSMON should be granted permission on the SYSIBMADM SQL administrative views and table functions. It is possible to map all of the users to an ID that has SYSADM authority. However, not every administrative view needs that level of authority. Best practice would be to create a user mapping that maps to an ID that has the minimum authority needed to run the procedure. This would require that an ID be created and placed in each of the administrative groups. By default, the federated server stores user mappings in the SYSCAT.USEROPTIONS view in the database catalog and encrypts the remote passwords. As an alternative, you can use an external repository, for example a file or an LDAP server, to store user mappings. To provide the interface between the federated server and the external repository, you create a user mapping plug-in. No matter how you store user mappings, carefully restrict access to them. If user mappings are compromised, data in the remote databases might be vulnerable to unauthorized activity.
  30. DB2 LUW Statistics for DST Systems
  Servers 26
  Instances 205
  Databases 927
  Tables 997,502
  Indexes 1,320,467
  Views 581,466
  SQL Procedures 11,663
  Triggers 46,119
  Combined Database Size 27,700,421 (MB)