On Tue, 2014-05-27 at 01:50 +0000, Mike Cunningham wrote:
Does anyone have any information about how row and column access in DB2 in version 7.2 will be able to be utilized in a web application? All of the web applications we run authenticate to iSeries credentials but they do not really "logon" in the traditional 5250 sense. The jobs do not run under the end users, user profile, then run under QTMHHTTP user. My guess is that DB2 can't enforce something it does not know about.
No it can't (as far as I'm aware from other http servers) what is needed
is for the back end http application to use the validated credentials to
access the DB using substitution.
user/pwd <> shttp(QTHTTP) <> app(store user/pwd, or some such)
update cust <> shttp <> app(stored user) > DB(stored user)
Obviously this requires some kind of session state per user, which you
may or may not have depending on what you do once the initial
credentials have been validated.
I have done similar things when playing with IIS/MSSQL but not down to
individual users, instead I've used a "hard coded" MSSQL user within IIS
which was running under the IIS user.
If I remember correctly, its not that easy to store the session state on
the server (it doesn't understand it, per say, any thread could be used
to serve the http, not necessarily the same one as initially used) so I
had to look at storing a cookie on the users machine, that could then be
used by the server to tie back to a user for the db but I gave up at
that point... as I say, it was purely "playing around."
Thats not to say it can't/can be done on the server in another way, just
I didn't investigate further as what i'd done worked well enough.