Security for external routines (UDRs)

External routines with shared libraries that are outside the database server can be security risks. External routines include user-defined routines (UDRs) and the routines in DataBlade modules.

A database server administrator (DBSA), the user informix by default, can implement security measures that establish which users can register external routines. This prevents unauthorized users from registering the external routines.

Use the IFX_EXTEND_ROLE configuration parameter to restrict the ability of users to register external routines.

The default value of the IFX_EXTEND_ROLE configuration parameter is 1 (or On).

When the IFX_EXTEND_ROLE configuration parameter is set to On:

When you grant the EXTEND role to a specific user, the sysroleauth system catalog table is updated to reflect the new built-in role.

After you set the IFX_EXTEND_ROLE configuration parameter to On, a DBSA can use the following syntax to grant and revoke privileges to and from specific users.

If you do not want to restrict UDR access, set the IFX_EXTEND_ROLE configuration parameter to 0 (or Off). When the IFX_EXTEND_ROLE parameter is set to Off, the EXTEND role is not operational and any user can register external routines.

The dbimport utility, in particular, is affected when the IFX_EXTEND_ROLE configuration parameter is set to On because a user who uses dbimport to create a new database has not been given an extend role on that database.

For more information, see the HCL Informix® Guide to SQL: Syntax.


Copyright© 2019 HCL Technologies Limited