

Resource Ownership

Ownership of resources is not synchronized because CA ACF2 Option for DB2 handles privileges associated with ownership differently from DB2. When a resource is created, DB2 grants the owner all privileges to the created resource. The REVOKE statement cannot remove these privileges. In CA ACF2 Option for DB2, the creator of the resource does not automatically become the owner of the resource and does not obtain any implicit privileges for the created resource. For the creator to have these privileges, a rule must be written that explicitly gives the creator the privileges or identifies the user with $LIDOWNER or $UIDOWNER. As a result, CA ACF2 Option for DB2 and the DB2 catalog might be out of sync with respect to the creator’s privileges for this resource.

Grants of resources to owners in CA ACF2 Option for DB2 have the WITH GRANT OPTION clause added to the GRANT statement.

CA ACF2 Option for DB2 treats users with SECURITY as owners. If you specify the NOPRIVCHECK option, CA ACF2 Option for DB2 ignores the SECURITY attributes.