External routines with shared libraries that are outside the database server can be security risks. External routines include user-defined routines (UDRs) and the routines in DataBlade modules. A database server administrator (DBSA), the user informix by default, can implement security measures that establish which users can register external routines. This prevents unauthorized users from registering the external routines.
Use the IFX_EXTEND_ROLE configuration parameter to restrict the ability of users to register external routines.
The default value of the IFX_EXTEND_ROLE configuration parameter is 1 (on). (In versions 10.00.UC1 to 10.00.UC3 of Dynamic Server), the default was 0 (off).)
When the IFX_EXTEND_ROLE configuration parameter is set to on:
When you grant the EXTEND role to a specific user, the sysroleauth system catalog table is updated to reflect the new built-in role.
After you set the IFX_EXTEND_ROLE configuration parameter to On, a DBSA can use the following syntax to grant and revoke privileges to and from specific users.
If you do not want to restrict UDR access, set the IFX_EXTEND_ROLE configuration parameter to0 ( Off). When the IFX_EXTEND_ROLE parameter is set to Off, the EXTEND role is not operational and any user can register external routines.
The DB-Import Utility, in particular, is affected when the IFX_EXTEND_ROLE configuration parameter is set to 1 (on) because a user who uses DB-Import to create a new database has not been given an extend role on that database.
For more information, see the IBM Informix Guide to SQL: Syntax.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]