Is there an equivalent to setuid and setgroup on NT for DB2 security?
--DB2: Privileges and Roles, Security, Windows NT--
As most will know, DB2 implements security through tight coupling with
the OS. As such our AIX DB2 application depends on a permanent Unix
group to which many privileges are granted (such as Select x, Drop x, etc.).
Our application makes use of SetUID and SetGroup to change people's
privileges online. This means that when a user logs into Unix they will
have limited DB2 privileges; however, when running our application,
their privileges are amended to those authorised by the user/group they
are set to. This works well and gives us a lot of flexibility. My
question (finally) is... Does such a mechanism exist on NT or Win2000?
If not, are there alternatives that anyone can recommend?
# 1 Re: Is there an equivalent to setuid and setgroup on NT for DB2 security?
We solve this whole issue by not giving users direct access to the database.
We use an application ID. That way the users must use the application to
access the database, which lightens the load on the DBA. You can handle application
access (at least) one of two ways. First, create your own application security
module. This makes it system independent. The application can get the currently
logged-on user ID. Second, use LDAP to find the user ID (the application gets
the currently logged-on user ID) and what groups he is in. You should be
able to modify this information through LDAP.
Mark
"Saleem Abdelsayed" <sabdelsayed@primeresponse.com> wrote:
>
>--DB2: Privileges and Roles, Security, Windows NT--
>As most will know, DB2 implements security through tight coupling with
>the OS. As such our AIX DB2 application depends on a permanent Unix
>group to which many privileges are granted (such as Select x, Drop x, etc.).
> Our application makes use of SetUID and SetGroup to change people's
>privileges online. This means that when a user logs into Unix they will
>have limited DB2 privileges; however, when running our application,
>their privileges are amended to those authorised by the user/group they
>are set to. This works well and gives us a lot of flexibility. My
>question (finally) is... Does such a mechanism exist on NT or Win2000?
>If not, are there alternatives that anyone can recommend?
>
Mark at 2007-11-12 0:03:50 >
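
The application-ID pattern from the reply above, sketched as an added example that is not part of the original thread: the application authorizes each named operation for the logged-on user and keeps its own audit trail, since the database only ever sees the application ID. The user, group and operation names are constructed, and an in-memory SQLite database stands in for the DB2 connection.

```python
import getpass
import sqlite3

# Constructed sample data: OS login -> application groups (could come from LDAP).
USER_GROUPS = {"alice": {"reporting"}, "bob": {"reporting", "maintenance"}}
# Group -> named operations it may run; anything not listed is denied.
GROUP_OPS = {"reporting": {"list_orders"},
             "maintenance": {"list_orders", "purge_order"}}
# Fixed statements: users never supply SQL text, only bound parameters.
STATEMENTS = {
    "list_orders": "SELECT id, item FROM orders WHERE region = ?",
    "purge_order": "DELETE FROM orders WHERE id = ?",
}

class AccessDenied(Exception):
    pass

class AppSecurity:
    """Hypothetical application security module in front of one shared connection."""

    def __init__(self, conn, user=None):
        self.conn = conn                       # opened under the application ID
        self.user = user or getpass.getuser()  # currently logged-on OS user
        self.audit = []                        # the database sees only the application ID

    def run(self, op, *params):
        groups = USER_GROUPS.get(self.user, set())  # unknown user -> no groups
        ok = op in STATEMENTS and any(op in GROUP_OPS.get(g, set()) for g in groups)
        self.audit.append((self.user, op, "allowed" if ok else "denied"))
        if not ok:
            raise AccessDenied(f"{self.user} may not run {op}")
        with self.conn:                        # commit on success, roll back on error
            return self.conn.execute(STATEMENTS[op], params).fetchall()

def demo_connection():
    """In-memory SQLite stand-in for the DB2 connection made with the application ID."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT, region TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "widget", "EU"), (2, "gadget", "US")])
    conn.commit()
    return conn
```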
