Getting Secondary Ids

Srini S Rajan

Getting Secondary Ids
Dear group,

How can I find the secondary ids for a given primary id. I want to find
all the access rights of a user (given to his primary or secondary ids),
but I dont find any catalog tables linking the primary ids and secondary
id.

If it is stored outside in RACF, how can I access that information from
JDBC or other client interfaces.

Thank You.

Srini S Rajan

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

James Campbell

Re: Getting Secondary Ids
(in response to Srini S Rajan)
The secondary-ids a user has is determined by the logon exit (sign-on
exit for CICS and IMS). This normally copies the RACF group-ids a
user is connected to to the list of secondary-ids. It need not - it
may do whatever it likes. The ACF/2 version of this exit gets the
list using ACF principles.

There is an IFCID (forget the number) that will return the list of
secondary-ids for the current user. There is a QMF V7 UDF that
returns this list in a table function.

There was a posting a few months ago about a version of the logon/signon exits that generated secondaryids under some circumstances in which the user's ACEE would not normally be available. Check the archives.

James Campbell

On 12 Dec 2003 at 14:23, Srini S Rajan wrote:

> Dear group,
>
> How can I find the secondary ids for a given primary id. I want to find
> all the access rights of a user (given to his primary or secondary ids),
> but I dont find any catalog tables linking the primary ids and secondary
> id.
>
> If it is stored outside in RACF, how can I access that information from
> JDBC or other client interfaces.
>
> Thank You.
>
> Srini S Rajan
>
> ---------------------------------------------------------------------------------
> Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

Venkat Srinivasan

Re: Getting Secondary Ids
(in response to James Campbell)
Write your own RACF macro to get all valid groups. A list can also be
obtained from address space extension block. Look at the delivered programs
DSN3SATH, in SDSNSAMP for pointers. I don't think that will work in a
distributed java environment.
I remember to have seen a FRACLINK general purpose ASM routine on the net.
Check planet MVS. You may see some code that you can modify.
What is your actual need?. If you knwe the group upfront, Why not just do a
SET and if it fails you know that that is not a valid group!!.Not pretty
but quick and dirty.

Cross post in IBM-MAIN list and you may get some code.

Regards,
Venkat

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

Roland Schiradin

AW: Getting Secondary Ids
(in response to Venkat Srinivasan)
You can code a stored proc (assembler) to run in an APF enabled environment
to return all the secondary ids. Another way might be LDAP

Roland

-----Ursprüngliche Nachricht-----
Von: DB2 Data Base Discussion List [mailto:[login to unmask email] Im Auftrag von Srini S Rajan
Gesendet: Freitag, 12. Dezember 2003 09:53
An: [login to unmask email]
Betreff: Getting Secondary Ids


Dear group,

How can I find the secondary ids for a given primary id. I want to find all the access rights of a user (given to his primary or secondary ids), but I dont find any catalog tables linking the primary ids and secondary id.

If it is stored outside in RACF, how can I access that information from JDBC or other client interfaces.

Thank You.

Srini S Rajan

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

Tina Hilton

Re: Getting Secondary Ids
(in response to Roland Schiradin)
Another option is to load the RACF data into DB2 and then query the table.
It wouldn't be up-to-the-minute, though. Just look at the members that
begin with RACDB in your sys1.samplib dataset. You could also use a stored
procedure in REXX to get the secondary ids, assuming that it had authority
to issue the LU command on any id.

Tina

-----Original Message-----
From: Schiradin,Roland HG-Dir itb-db/dc
[mailto:[login to unmask email]
Sent: Sunday, December 14, 2003 8:55 PM
To: [login to unmask email]
Subject: AW: Getting Secondary Ids


You can code a stored proc (assembler) to run in an APF enabled environment
to return all the secondary ids. Another way might be LDAP

Roland

-----Ursprüngliche Nachricht-----
Von: DB2 Data Base Discussion List [mailto:[login to unmask email] Im Auftrag
von Srini S Rajan
Gesendet: Freitag, 12. Dezember 2003 09:53
An: [login to unmask email]
Betreff: Getting Secondary Ids


Dear group,

How can I find the secondary ids for a given primary id. I want to find all
the access rights of a user (given to his primary or secondary ids), but I
dont find any catalog tables linking the primary ids and secondary id.

If it is stored outside in RACF, how can I access that information from JDBC
or other client interfaces.

Thank You.

Srini S Rajan

----------------------------------------------------------------------------
-----
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home
page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select
"Join or Leave the list". If you will be out of the office, send the SET
DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins
can be reached at [login to unmask email] Find out the latest on
IDUG conferences at http://conferences.idug.org/index.cfm

----------------------------------------------------------------------------
-----
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home
page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select
"Join or Leave the list". If you will be out of the office, send the SET
DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins
can be reached at [login to unmask email] Find out the latest on
IDUG conferences at http://conferences.idug.org/index.cfm

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

Roger Miller

Re: AW: Getting Secondary Ids
(in response to Tina Hilton)
A function was added to DB2 V6 & V7 via APAR PQ47973 in late 2001.
Customers have been asking for a technique that will return the list of
secondary authids to a program. Customers can use the Instrumentation
Facility interface or IFI to retrieve this information with a synchronous
READS call. QMF V7.2 uses this function in the LIST TABLES command and
provides a table UDF which makes the secondary ids available in SQL.

Roger Miller

On Mon, 15 Dec 2003 02:54:31 +0100, Schiradin,Roland HG-Dir itb-db/dc
<[login to unmask email]> wrote:

>You can code a stored proc (assembler) to run in an APF enabled
environment
>to return all the secondary ids. Another way might be LDAP
>
>Roland
>
>-----Ursprüngliche Nachricht-----
>Von: DB2 Data Base Discussion List [mailto:[login to unmask email] Im
Auftrag von Srini S Rajan
>Gesendet: Freitag, 12. Dezember 2003 09:53
>An: [login to unmask email]
>Betreff: Getting Secondary Ids
>
>
>Dear group,
>
>How can I find the secondary ids for a given primary id. I want to find
all the access rights of a user (given to his primary or secondary ids),
but I dont find any catalog tables linking the primary ids and secondary
id.
>
>If it is stored outside in RACF, how can I access that information from
JDBC or other client interfaces.
>
>Thank You.
>
>Srini S Rajan
>
>--------------------------------------------------------------------------
-------
>Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and
home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page
select "Join or Leave the list". If you will be out of the office, send
the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List
Admins can be reached at [login to unmask email] Find out the
latest on IDUG conferences at http://conferences.idug.org/index.cfm
>
>--------------------------------------------------------------------------
-------
>Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and
home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page
select "Join or Leave the list". If you will be out of the office, send
the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List
Admins can be reached at [login to unmask email] Find out the
latest on IDUG conferences at http://conferences.idug.org/index.cfm

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

James Campbell

Re: Getting Secondary Ids
(in response to Roger Miller)
The IFCID is 0234, added by PQ47973. It's not documented in the Admin
Guide section on READS - you'll have to read the APAR text.

James Campbell


On Sun, 14 Dec 2003 20:01:15 +1000, James Campbell
<[login to unmask email]> wrote:

<snip>
>
>There is an IFCID (forget the number) that will return the list of
>secondary-ids for the current user. There is a QMF V7 UDF that
>returns this list in a table function.
>
<rest snipped>

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". If you will be out of the office, send the SET DB2-L NO MAIL command to [login to unmask email] The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm