0

I have DB2 10.1 on Linux and I connect to it using Kerberos auth. Problem is that my user doesn't have permissions to do stuff so I need to impersonate another user using "SET SESSION_USER = otheruser".

This works fine if I use a client like DBArtisan, but I need to do this using JDBC and it doesn't seem to work. I've tried to execute the query every time a connection is created, I can query the value of the register and it has changed, but I still get errors if I try to query the tables my user doesn't have access to but the session user does.

Any ideas?

Improve this question
1
  • "I still get errors" -- care to tell us what kinds of errors? Commented Mar 13, 2014 at 12:20

2 Answers 2

Reset to default
1

I have never used DB2, but a little googling led me to this page:

specialRegisters=special-register-name=special-register-value,…special-register-name=special-register-value

A list of special register settings for the JDBC connection. You can specify one or more special register name and value pairs. Special register name and value pairs must be delimited by commas (,). The last pair must end with a semicolon (;). For example:

    String url = 
     "jdbc:db2://sysmvs1.stl.ibm.com:5021/STLEC1" +
     ":user=dbadm;password=dbadm;" +
     "specialRegisters=CURRENT_PATH=SYSIBM,CURRENT CLIENT_USERID=test" + ";";
    Connection con = 
       java.sql.DriverManager.getConnection(url);

For special registers that can be set through IBM Data Server Driver for JDBC and SQLJ Connection properties, if you set a special register value in a URL string using specialRegisters, and you also set that value in a java.util.Properties object using the following form of getConnection, the special register is set to the value from the URL string.

As SESSION_USER is a special register, this seems to imply you need to specify it with your connection properties as

specialRegisters=SESSION_USER=otheruser;

Either in the JDBC url, or in the properties.

However as I have never used DB2, I don't know if this is the actual solution.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Normally the server-wide database connection pools are created with a specific user with the proper permissions as decided by the DBAs. Why don't you just ask your DBAs for the appropriate grants for that user? This would be the 'kind' approach instead of trying to circumvent their permissions policies by some java piece of code, something they may not like if they know of...

Improve this answer

1 Comment

The thing is that my Kerberos user is not meant to have those permissions. I have to ask for a permission to impersonate this "otheruser" to run DB queries.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.