IBM Data & AI


Security & Permissions

 

A user should ONLY be able to view objects of a schema that has explicit privileges (unless the owner).

E.g., if we say 'grant schemaadm on schema abc to role xyz' then any user in that role should be able to view the tables in schema abc (like LIST in NZ).

 

Be able to grant 'create table/drop table privilege' to a user/group/role in Db2 like NZ. We have CREATEIN on a schema but that will allow for other objects other than tables to be created in the schema and CREATETAB is at the database level.

  • Chandhra Vadlamudi
  • Jul 2 2019
  • Needs review
Why is it useful?
Who would benefit from this IDEA? As a customer, I want to be able to grant the above-listed permissions to be compliant with our Netezza security mode.
Idea Priority Urgent
Priority Justification We are migrating all our Netezza servers to IIAS.
Customer Name Blue Shield of CA
  • Admin
    Maryia Rakina commented
    8 Jul, 2019 07:00pm

    Hi Chandra, we are reviewing your request and will get back to you soon. Thank you for your patience!

    Maryia Rakina,

    HDM Offering Management

  • Chandhra Vadlamudi commented
    3 Jul, 2019 11:47pm

    1) May I know what is the replacement for "LIST" permission in Netezza?

    2) As our ELT involves creating and dropping tables, we do class level permissions. We can't grant access on individual/specific objects.

    Example Nz commands:

    grant select on table to NZ_DB_PERMISSION_GRP_RO;

    grant select on view to NZ_DB_PERMISSION_GRP_RO;

    If you see above commands, there is "NO" tablename or viewname mentioned. I call it object class wise permission at schema level. I am granting SELECT on all tables and views (existing & future).

    Below are the commands we use in day to day work. We need replacement for below.

     

    create group NZ_DB_PERMISSION_GRP_RO;

    grant list on NZ_DB_PERMISSION to NZ_DB_PERMISSION_GRP_RO;

    grant temp table to NZ_DB_PERMISSION_GRP_RO;

    grant execute on aggregate to NZ_DB_PERMISSION_GRP_RO;

    grant list on aggregate to NZ_DB_PERMISSION_GRP_RO;

    grant list on external table to NZ_DB_PERMISSION_GRP_RO;

    grant select on external table to NZ_DB_PERMISSION_GRP_RO;

    grant execute on function to NZ_DB_PERMISSION_GRP_RO;

    grant list on function to NZ_DB_PERMISSION_GRP_RO;

    grant execute on procedure to NZ_DB_PERMISSION_GRP_RO;

    grant list on procedure to NZ_DB_PERMISSION_GRP_RO;

    grant list on sequence to NZ_DB_PERMISSION_GRP_RO;

    grant select on sequence to NZ_DB_PERMISSION_GRP_RO;

    grant list on synonym to NZ_DB_PERMISSION_GRP_RO;

    grant select on synonym to NZ_DB_PERMISSION_GRP_RO;

    grant list on table to NZ_DB_PERMISSION_GRP_RO;

    grant select on table to NZ_DB_PERMISSION_GRP_RO;

    grant list on view to NZ_DB_PERMISSION_GRP_RO;

    grant select on view to NZ_DB_PERMISSION_GRP_RO;

    grant create temp table to NZ_DB_PERMISSION_GRP_RO;

     

    create group NZ_DB_PERMISSION_GRP_RW;

    grant list on NZ_DB_PERMISSION to NZ_DB_PERMISSION_GRP_RW;

    grant list, execute on function to NZ_DB_PERMISSION_GRP_RW;
    grant create temp table to NZ_DB_PERMISSION_GRP_RW ;

    grant execute on aggregate to NZ_DB_PERMISSION_GRP_RW ;


    grant list on aggregate to NZ_DB_PERMISSION_GRP_RW ;

    grant list on external table to NZ_DB_PERMISSION_GRP_RW ;
    grant list, execute on function to NZ_DB_PERMISSION_GRP_RW;

    grant select on external table to NZ_DB_PERMISSION_GRP_RW ;


    grant execute on function to NZ_DB_PERMISSION_GRP_RW ;

    grant list on function to NZ_DB_PERMISSION_GRP_RW ;

    grant execute on procedure to NZ_DB_PERMISSION_GRP_RW ;

    grant list on procedure to NZ_DB_PERMISSION_GRP_RW ;

    grant list on sequence to NZ_DB_PERMISSION_GRP_RW ;

    grant select on sequence to NZ_DB_PERMISSION_GRP_RW ;

    grant list on synonym to NZ_DB_PERMISSION_GRP_RW ;

    grant select on synonym to NZ_DB_PERMISSION_GRP_RW ;

    grant list on table to NZ_DB_PERMISSION_GRP_RW ;

    grant select on table to NZ_DB_PERMISSION_GRP_RW ;

    grant list on view to NZ_DB_PERMISSION_GRP_RW ;

    grant select on view to NZ_DB_PERMISSION_GRP_RW ;

    grant aggregate to NZ_DB_PERMISSION_GRP_RW ;

    grant external table to NZ_DB_PERMISSION_GRP_RW ;

    grant function to NZ_DB_PERMISSION_GRP_RW ;

    grant materialized view to NZ_DB_PERMISSION_GRP_RW ;

    grant procedure to NZ_DB_PERMISSION_GRP_RW ;

    grant sequence to NZ_DB_PERMISSION_GRP_RW ;

    grant synonym to NZ_DB_PERMISSION_GRP_RW ;

    grant table to NZ_DB_PERMISSION_GRP_RW ;

    grant view to NZ_DB_PERMISSION_GRP_RW ;

    grant drop on aggregate to NZ_DB_PERMISSION_GRP_RW ;

    grant alter on aggregate to NZ_DB_PERMISSION_GRP_RW ;

    grant delete on sequence to NZ_DB_PERMISSION_GRP_RW ;

    grant update on sequence to NZ_DB_PERMISSION_GRP_RW ;

    grant delete on synonym to NZ_DB_PERMISSION_GRP_RW ;

    grant delete on table to NZ_DB_PERMISSION_GRP_RW ;

    grant genstats on table to NZ_DB_PERMISSION_GRP_RW ;

    grant insert on table to NZ_DB_PERMISSION_GRP_RW ;

    grant truncate on table to NZ_DB_PERMISSION_GRP_RW ;

    grant update on table to NZ_DB_PERMISSION_GRP_RW ;

    grant alter on view to NZ_DB_PERMISSION_GRP_RW ;


    create group NZ_DB_PERMISSION_GRP_SVC;
    CREATE GROUP
    grant list on NZ_DB_PERMISSION to NZ_DB_PERMISSION_GRP_SVC;

    grant table to NZ_DB_PERMISSION_GRP_SVC;
    grant list, execute on function to NZ_DB_PERMISSION_GRP_SVC;

    grant temp table to NZ_DB_PERMISSION_GRP_SVC;


    grant external table to NZ_DB_PERMISSION_GRP_SVC;
    grant list, execute on function to NZ_DB_PERMISSION_GRP_SVC;

    grant execute on aggregate to NZ_DB_PERMISSION_GRP_SVC;

    grant list on aggregate to NZ_DB_PERMISSION_GRP_SVC;


    grant list on external table to NZ_DB_PERMISSION_GRP_SVC;

    grant select on external table to NZ_DB_PERMISSION_GRP_SVC;

    grant execute on function to NZ_DB_PERMISSION_GRP_SVC;

    grant list on function to NZ_DB_PERMISSION_GRP_SVC;

    grant execute on procedure to NZ_DB_PERMISSION_GRP_SVC;

    grant list on procedure to NZ_DB_PERMISSION_GRP_SVC;

    grant list on sequence to NZ_DB_PERMISSION_GRP_SVC;

    grant select on sequence to NZ_DB_PERMISSION_GRP_SVC;

    grant delete on sequence to NZ_DB_PERMISSION_GRP_SVC;

    grant update on sequence to NZ_DB_PERMISSION_GRP_SVC;

    grant list on synonym to NZ_DB_PERMISSION_GRP_SVC;

    grant select on synonym to NZ_DB_PERMISSION_GRP_SVC;

    grant delete on synonym to NZ_DB_PERMISSION_GRP_SVC;

    grant list on table to NZ_DB_PERMISSION_GRP_SVC;

    grant select on table to NZ_DB_PERMISSION_GRP_SVC;

    grant delete on table to NZ_DB_PERMISSION_GRP_SVC;

    grant genstats on table to NZ_DB_PERMISSION_GRP_SVC;

    grant insert on table to NZ_DB_PERMISSION_GRP_SVC;

    grant truncate on table to NZ_DB_PERMISSION_GRP_SVC;

    grant update on table to NZ_DB_PERMISSION_GRP_SVC;

    grant drop on table to NZ_DB_PERMISSION_GRP_SVC;

    grant list on view to NZ_DB_PERMISSION_GRP_SVC;

    grant select on view to NZ_DB_PERMISSION_GRP_SVC;

     


    create group NZ_DB_PERMISSION_GRP_VIEW;

    grant list on NZ_DB_PERMISSION to NZ_DB_PERMISSION_GRP_VIEW;

    grant create view TO NZ_DB_PERMISSION_GRP_VIEW;

    grant drop ON view TO NZ_DB_PERMISSION_GRP_VIEW;
