# How to do Almost Everything (to Administer Db2) via SQL and Jupyter Notebook
This Notebook is designed to share the SQL and python code related to the presentation titled How to do Almost Everything (to Administer Db2) via SQL and Jupyter Notebook

## Disclaimer
Run at your own risk. Understand what each cell is doing before executing it. This is not a perfect document or perfect code. Depending on your system, some parts may or may not work. There are no guarantees or support. Interpretation of a skilled Db2 DBA is required.

## License
This notebook is covered under a GNU General Public License. Details are available at https://github.com/ecrooks/db2_and_jupyter_notebooks/blob/master/LICENSE.txt

## Instructions for running
1. Install Jupyter Notebook using Anaconda (https://www.anaconda.com/distribution/)
    - Anaconda can be installed on your laptop or a vm on your laptop - anywhere you can connect to the databases in question. This works well if you are working with it alone, or have to connect to different vpns to connect to different databases
    - Anaconda can be installed on a central VM or server that can connect to the databases you wish to work with. This works well if you are working with a team of DBAs and only need to work with databases on that one network. Anaconda works just fine on Ubuntu if you are looking for a free option
    - Anaconda can be installed directly on the database server. This is generally my last choice, as I would rather not run an http server on my database server. I also rarely only care about one database server.
1. Copy this notebook to the computer you've installed Jupyter Notebook on. I'll refer to this as your Jupyter Notebook server. 
1. Create a separate file to store enviornment variables. I've called mine ember_variables.py, and I run it in a cell below. This allows you to easily share the notebook without also sharing your ids and passwords and other sensative information. This also makes using git or other source control easy so you can keep notebooks updated across multiple locations. The format for this file is laid out below.
1. I strongly recommend using a table of contents via the nbextensions module to configure a table of contents to navigate this document. The options for this should appear on the bottom of the edit menu after you have installed the libraries in the first code cell.
1. Cells up through the database connection one should be run one by one to immediately detect and deal with errors. After the database connection cell, all further cells can be run using "Run All Below" from the Cell menu.

### Format for variables file
The ember_variables.py file has a format like this:
```python
NA1_User='yourid'
NA1_PW='yourpw'

NA1_Host='server1.example.com'
NA1_insts = ('db2inst1', 'db2inst2', 'db2inst3', 'db2inst4')
NA1_ports = {'db2inst1': 50001, 'db2inst2': 50002, 'db2inst3':50003, 'db2inst4':50004}
NA1_dbs = {'db2inst1': ['SAMPLE1'], 'db2inst2': ['SAMPLE2'], 'db2inst3':['SAMPLE3'], 'db2inst4':['SAMPLE4','SAMPLE5']}
```
Feel free to structure things differently and if you have any good ideas in this area, please share them.

## Set up the enviornment
### Install Libraries
Run the following cell if it is the first time using this notebook on a specific jupyter notebook server. If anything is installed, restart the kernel using the 'Kernel' menu at the top of this notebook

In [None]:
import sys,os,os.path
os.environ['IBM_DB_HOME']='C:\Program Files\IBM\SQLLIB'

# Check to see if the libraries already have been installed
import importlib

# Check for ibm_db_sa.  If it exists, it's safe to assume that the other requirements
# are already installed.
spec = importlib.util.find_spec("ibm_db_sa")
if spec is None:
    print("Installing prerequisites.")
    !pip install ipython-sql
    !pip install "ibm-db==2.0.8a"
    !pip install ibm_db_sa
else:
    print("sql magic, ibm_db and ibm_db_sa already installed.")
spec = importlib.util.find_spec("jupyter_contrib_nbextensions")
if spec is None:
    print("Installing prerequisites.")
    !pip install jupyter_contrib_nbextensions
    !pip install jupyter_nbextensions_configurator
else:
    print("jupyter_contrib_nbextensions is already installed.")


Restart the Kernel if this is your first time installing the above. The next steps will fail unless you do this.

### Import the modules and load the SQL magic
Required each time the kernel for this notebook is started or restarted

In [1]:
import ibm_db
import ibm_db_sa
import sqlalchemy
%load_ext sql
import matplotlib
import numpy as np
import matplotlib.pyplot as plt
from matplotlib import cm
import matplotlib.dates as mdates
from datetime import datetime
import pandas as pd
from IPython.display import display, HTML, Markdown
import nbextensions

%matplotlib inline

import getpass

### Set Basic Variables and Connect to Database
Connect to the database. Change the values in your variables file to match the environment you're connecting to. The format for this file is provided above.

In [6]:
# Define filename for passwords
filename = 'ember_variables.py'
# source the file
%run $filename

In [7]:
# This is the database connection Cell
user=local_User
host=local_Host
inst='db2inst1'

db=local_dbs[inst][0]
port=local_ports[inst]

password = getpass.getpass('Enter password for '+user)

%sql db2+ibm_db://$user:$password@$host:$port/$db

Enter password for db2inst1········


'Connected: db2inst1@SAMPLE'

In [11]:
#Configure SQL Magic in a few nice ways
%config SqlMagic.style = 'MSWORD_FRIENDLY'
pd.set_option('max_rows', 4096)
pd.set_option('max_columns', 4096)

In [12]:
# Functions that may be used in multiple other cells
def highlight_equals(s,threshold,column):
    is_max = pd.Series(data=False, index=s.index)
    is_max[column] = s.loc[column] == threshold
    print(type(is_max))
    return ['background-color: yellow' if is_max.any() else '' for v in is_max]

## Investigating Database-Level Authorities and Permissions

### Finding Users with an Authority

In [13]:
%%sql connectauth << select grantee 
from syscat.dbauth 
where connectauth='Y'

 * db2+ibm_db://db2inst1:***@localhost:50000/SAMPLE
Done.
Returning data to local variable connectauth


In [14]:
display(connectauth)

grantee
PUBLIC
USER1
USER2


### Finding Authorities for a User the Old-Fashioned Way

In [22]:
%%sql id_auth << select dbadmauth
	, connectauth
	, dataaccessauth 
from syscat.dbauth 
where grantee='USER1'

 * db2+ibm_db://db2inst1:***@localhost:50000/SAMPLE
Done.
Returning data to local variable id_auth


In [23]:
display(id_auth)

dbadmauth,connectauth,dataaccessauth
N,Y,Y


### Finding Table Permissions for a User the Old-Fashioned Way

In [30]:
%%sql obj_perms_by_id << select substr(tabschema,1,8) as tabschema
	, substr(tabname,1,18) as tabname
	, controlauth
	, deleteauth
	, insertauth
	, selectauth
	, updateauth 
from syscat.tabauth 
where grantee='DB2INST1'

 * db2+ibm_db://db2inst1:***@localhost:50000/SAMPLE
Done.
Returning data to local variable obj_perms_by_id


In [31]:
display(obj_perms_by_id)

tabschema,tabname,controlauth,deleteauth,insertauth,selectauth,updateauth
DB2INST1,ACT,Y,G,G,G,G
DB2INST1,ADEFUSR,Y,G,G,G,G
DB2INST1,CATALOG,Y,G,G,G,G
DB2INST1,CL_SCHED,Y,G,G,G,G
DB2INST1,CUSTOMER,Y,G,G,G,G
DB2INST1,DEPARTMENT,Y,G,G,G,G
DB2INST1,EMPLOYEE,Y,G,G,G,G
DB2INST1,EMPMDC,Y,G,G,G,G
DB2INST1,EMPPROJACT,Y,G,G,G,G
DB2INST1,EMP_PHOTO,Y,G,G,G,G


### Finding Users Who Have Permissions on a Table

In [32]:
%%sql obj_perms_by_obj << select substr(grantee,1,8) as grantee
	, controlauth
	, deleteauth
	, insertauth
	, selectauth
	, updateauth 
from syscat.tabauth 
where tabschema='DB2INST1' 
	and tabname='SALES'

 * db2+ibm_db://db2inst1:***@localhost:50000/SAMPLE
Done.
Returning data to local variable obj_perms_by_obj


In [33]:
display(obj_perms_by_obj)

grantee,controlauth,deleteauth,insertauth,selectauth,updateauth
DB2INST1,Y,G,G,G,G


### Listing Privileges by User the Easy Way

In [45]:
%%sql obj_perms << select * 
from sysibmadm.privileges 
where authid='DB2INST1'
    and objecttype!='DB2 PACKAGE'

 * db2+ibm_db://db2inst1:***@localhost:50000/SAMPLE
Done.
Returning data to local variable obj_perms


In [46]:
display(obj_perms)

authid,authidtype,privilege,grantable,objectname,objectschema,objecttype,parentobjectname,parentobjecttype
DB2INST1,U,CONTROL,N,ACT,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,ADEFUSR,DB2INST1,MATERIALIZED QUERY TABLE,,
DB2INST1,U,CONTROL,N,CATALOG,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,CL_SCHED,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,CUSTOMER,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,DEPARTMENT,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,EMPLOYEE,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,EMPMDC,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,EMPPROJACT,DB2INST1,TABLE,,
DB2INST1,U,CONTROL,N,EMP_PHOTO,DB2INST1,TABLE,,


### Listing Groups a User is a Member Of

In [48]:
%%sql groups_for_id << select * from
    table(AUTH_LIST_GROUPS_FOR_AUTHID('DB2INST1'))

 * db2+ibm_db://db2inst1:***@localhost:50000/SAMPLE
Done.
Returning data to local variable groups_for_id


In [49]:
display(groups_for_id)

GROUP
DB2IADM1


### Listing Authorities for an ID

In [None]:
%%sql auths_for_id << select * from
    table(AUTH_LIST_AUTHORITIES_FOR_AUTHID('ekc438','U'))