System Tables

[markn]

Hi there everyone!

I'm new to DB2 and in approximately 6 weeks time I have to re-write a smallish application from ASP into ASP.NET and using DB2 and not SQL Server 2000. I am very nervous and have lots of questions.

My first one is:-
how do you make it so that you dont have to view the system tables, procs etc etc within DB2. In SQL Server you can uncheck a check box thereby allowing you to view only the User tables etc (ie. tables you have created).

Thanks!

[rohano]

This is from the DB2 UDB Information Centre. It can be found in the section on securing your catalog.

...During database creation, SELECT privilege on the system catalog views is granted to PUBLIC. In most cases, this does not present any security problems. For very sensitive data, however, it may be inappropriate, as these tables describe every object in the database. If this is the case, consider revoking the SELECT privilege from PUBLIC; then grant the SELECT privilege as required to specific users. Granting and revoking SELECT on the system catalog views is done in the same way as for any view, but you must have either SYSADM or DBADM authority to do this.

At a minimum, you should consider restricting access to the following catalog views:

SYSCAT.DBAUTH
SYSCAT.TABAUTH
SYSCAT.PACKAGEAUTH
SYSCAT.INDEXAUTH
SYSCAT.COLAUTH
SYSCAT.PASSTHRUAUTH
SYSCAT.SCHEMAAUTH
This would prevent information on user privileges from becoming available to everyone with access to the database. With this information, an unethical user could gain unauthorized access to the database....

So you would need to REVOKE SELECT on the above views to accomplish it. Use the command center or command line.

Good Luck
Ro