Frank Swarbrick wrote:
>>>> On 3/18/2008 at 11:15 AM, in message
> <64abl8F2b7lv2U1@mid.individual.net>,
> Serge Rielau<srielau@ca.ibm.com> wrote:
>> Gladiator wrote:
>>> Hi ,
>>>
>>> Can someone tell me how do i grant a Read privilage on all the tables
>>> in a schema X to a different user who is not the owner of the Schema .
>>> I dont want to grant him the Alterin privilage to the user.I just want
>>> the user to read the tables in a schema for which he is not the owner.
>>>
>>> I have more than 100 tables with different names. so it is difficult
>>> to give grant select on each table.
>> Now, now.. it's not THAT hard.... (untested)
>>
>> db2 "SELECT 'GRANT SELECT ON "' || tabschema || '"."' || tabname || '"
>> TO USER joe' FROM SYSCAT.TABLES WHERE tabschema = 'JILL'" > grant.ddl
>> db2 -tvf grant.ddl
>
> Thanks to Gladiator for bringing up this issue, because it has also been on
> my mind.
>
> The "problem" with Serge's answer is that any tables created after this
> script is run will still require GRANT to be done for each new table.
>
> The reason I put quotes around "problem" is I am fairly certain that this is
> quite intentional, in that for "security" reasons DB2 wants a DBA or the
> link to explictly grant rights to new tables that are created. I understand
> that, though I'm not sure I agree. But since I'm not the DBA that has to do
> all of the 'extra work' this causes perhaps I shouldn't care. :-)
DB2 supports what you are asking for for routines, btw:
http://publib.boulder.ibm.com/infoce.../r0007699.html

So the reason is indeed not technical. It's ideological..
which is worse if you want to change it ;-)

Cheers
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab