IBM/db2forzosdeveloperextension-about

Deployment user used as identifier for schema?

Opened this issue · 1 comments

ThomasLieser commented
  • Db2 Developer Extension version: 2.1.6
  • Editor platform
    • Visual Studio Code
    • Eclipse Theia
  • Editor platform version: 1.77.3
  • Operating system on which your editor runs (for example, Windows 10 2004 or MacOS Catalina 10.15.7): WINDOWS 10
  • Java Version (Run java -version and paste the details here): AdoptOpenJDK 11.0.10
  • Db2 for z/OS version (including function level for Db2 12): DB2 V12
  • Log files attached?: No

Problem description

In our company we deploy StPs and UdFs using a "deployment user" - this deployment user has the needed access rights to our DB2 tables, StPs, Udfs and so on.
The user who deploys has the access rights to use this deployment user.
That means in the following example:

  • deployment user ADBAP#V has the right to SELECT on AYCICEO.TVVS101
  • "my" user has the right to deploy using ADBAP#V - it does not need to have SELECT rights on AYCICEO.TVVS101
  • the "application user" (the RACF user the server uses to establish the DB2 connection) only has execute rights on the StPs
  • this way we achieve a high level of security

In Datastudio we specify where to deploy the StP (in which schema).
So, a simple test procedure like this will deploy easily in Datastudio

CREATE PROCEDURE PCMS000_VSCODE_EXAMPLE ()
	VERSION R202420                                      
    LANGUAGE SQL                               
    READS SQL DATA   
	ASUTIME LIMIT 999
	COMMIT ON RETURN YES
P1: BEGIN
	
	declare t integer;
	select count(*) into t from tvvs001;
	
END P1

Other deployment options in Datastudio are:

  • Target schema: AYCICEO
  • Default path: SYSIBM,SYSFUN,SYSPROC
  • Procedure Options: ISOLATION LEVEL CS PACKAGE OWNER ADBAP#V
  • Build owner: ADBAP#V
  • Package owner: ‪ADBAP‬‎#‪V
    When deploying Datastudio adds the option while deploying or set them before sending the statement that creates the procedure.

After deployment of the procedure to AYCICEO the table AYCICEO.TVVS001 will be referenced.

During deployment the following can be found on the trace

executeUpdate (SET CURRENT SQLID = 'ADBAP#V') called
executeUpdate (SET SCHEMA = AYCICEO) called
executeUpdate (SET CURRENT PATH = SYSIBM,SYSFUN,SYSPROC) called
execute (ALTER PROCEDURE PCMS000_VSCODE_EXAMPLE
REPLACE VERSION R202420 ()

LANGUAGE SQL                               
READS SQL DATA   
ASUTIME LIMIT 999
COMMIT ON RETURN YES
ISOLATION LEVEL CS
PACKAGE OWNER ADBAP#V

P1: BEGIN

declare t integer;
select count(*) into t from tvvs001;

END P1) called

If we try to do the same in the db2Extension we are ending up with an error, because the extension deploys differently?
DB2 SQL Warning: SQLCODE=204, SQLSTATE=01532, SQLERRMC=ADBAP#V.TVVS001, DRIVER=4.32.28
The settings in db2Extension are

  • Target schema: AYCICEO
  • Build owner: ADBAP#V
  • Default path:

Maybe I'm missing something here (how set this up in db2Extension properties) - but when I looked at the trace in VSCode it looks differently. How do I enter this in the deployment options in VSCode

equalchenbj commented

@ThomasLieser Thank you for reporting this issue. We'll create an internal issue to track it.