Db2

Db2

Connect with Db2, Informix, Netezza, open source, and other data experts to gain value from your data, share insights, and solve problems.

 View Only

  • 1.  .lob files

    Posted Thu September 19, 2024 04:01 PM

    Need help. I am completely unfamiliar with DB2, but I am trying to do a database audit for our company. One of the files returned is an .lob file and when I open it with Word or Text Pad, it shows strange symbols, like squares filling the page. Does anybody know of an easy way to open this file so I can actually read what's contained in it? Any help is greatly appreciated.



    ------------------------------
    John L
    ------------------------------


  • 2.  RE: .lob files

    Posted Thu September 19, 2024 05:27 PM

    John,

    When you say "one of the files returned" how exactly do you mean.   The most common way I would expect to see .lob files produced is if someone did an export of a table containing LOB (CLOB, BLOB) files and they used the export parameter "MODIFIED BY LOBSINSEPFILES".   That dumps the non-LOB contents of the table to a standard export file, but puts each of the LOB columns into a separate file.   In the main file you'd get a reference to the file name for each row / column combination.  

    If you are seeing strange symbols in this file, it is most likely a BLOB (binary large object column).   You'd therefore need to know what produced the binary data.   BLOBs are typically used for multimedia files such as photos, videos and such like.

    If you could provide a bit more detail that would be helpful.  Particularly the contents of the directory where you see this .lob file and any files with similar names.

    HTH

    Phil Nelson



    ------------------------------
    Philip Nelson
    Senior Database Software Engineer
    Lloyds Banking Group / ScotDB Limited
    Edinburgh
    ------------------------------

    Original Message


  • 3.  RE: .lob files

    Posted Thu September 19, 2024 05:53 PM
      |   view attached

    Phil,

    Thank you very much for your response. I apologize for the lack of detail, but I am a database novice as I only perform database access reviews for our company. Basically, I asked for a user listing for all accounts which have access to our PA2 system in SAP, which is apparently held on a DB2 database. I received SYSIBM.SYSUSERAUTH csv files, which I can obviously read, but the addended lob file just shows symbols. In this review I am performing, it looks like the lob file characters are populating the Auth_Desc column in this review, which I am assuming shows what kind of access these accounts have and is critical to this review.  I have attached a screenshot of the file names hoping that will help. When you say BLOB files, do you mean binary, as if they would only show numbers?



    ------------------------------
    John Lacy
    ------------------------------

    Original Message


  • 4.  RE: .lob files

    Posted Thu September 19, 2024 06:37 PM

    Hi!

    The only column in  SYSIBM.SYSUSERAUTH which is of type BLOB is column AUTH_DESC:



    I doubt very much whether interpretation of this binary LOB will give you any useful information. SYSIBM schema is considered internal to Db2; IBM documents catalog views defined in schema SYSCAT.

    I strongly believe that database access review would be more efficient if you would work closely with DBA maintaing this database. 



    ------------------------------
    Jan Nelken
    ------------------------------

    Original Message


  • 5.  RE: .lob files

    Posted Fri September 20, 2024 07:58 AM

    John,

    So what appears to have happened here is that they've exported that table in its entirety.   The main data goes to pa2_SYSIBM.SYSUSERAUTH_new4.csv and all the contents of that BLOB column goes into the file suffixed with .001.lob.   This way of exporting data is usually used for moving user data from one table to another since the contents of that .lob file are really only easily interpreted by the LOAD utility.

    However you are going about this evaluation in a very unusual way.  There are some things you need to consider -

    • As Jan has already stated, user access to the catalog is via the SYSCAT (and SYSSTAT) views, rather than the raw tables directly.   You'll find them all documented here : https://www.ibm.com/docs/en/db2/11.5?topic=sql-catalog-views.   One potential reason you've been given SYSIBM data is that the person doing it is from a mainframe (Db2 for z/OS) environment background, where you would typically look at the SYSIBM tables.
    • You would typically review the security by querying the catalog views directly rather than getting dumps of data.  If you are getting dumps of data then the export SQL needs to be tailored to the information you actually need (there is lots of information in there that isn't relevant to reviews)
    • As  well as the catalog information you are also going to need information about users and groups from the external security manager.  Most typically this is the OS security system (e.g. on UNIX /etc/passwd and /etc/group) but there may be other systems such as Kerberos in there too.

    As Jan has already indicated, you really need to work with someone who understands how Db2 is structured before you can progress this properly.   Db2 does things very differently from other databases in some respects (one big difference is that it uses external security managers, which very few other databases do to the same extent).     It is difficult to review something that you don't understand.

    Phil




    Original Message


  • 6.  RE: .lob files

    Posted Fri September 20, 2024 10:00 AM

    I concur with Phil in his response above....you probably want data out of the SYSCAT views for your audit.  Below is a little spreadsheet of the 'AUTH' views you would most likely want to consider...those highlighted in red being the most likely. 

    Andy


    ------------------------------
    Andy McLaughlin
    Great American Insurance
    Cincinnati
    ------------------------------

    Original Message