[DB2 learning records] 5. Basic DB2 security concepts-privilege

Similar to Oracle!

There are two types of privileges: database-level privileges (for all objects in the database) and Object-level privileges (associated with specific objects ).

Database-level privileges that users can possess:

• Createtab: You can create tables in the database.
• Bindadd: You can use the BIND command to create packages in the database.
• Connect: you can connect to the database.
• Create_not_fenced: You can create unfenced user-defined functions (udfs ).
• Implicit_schema: You can implicitly create a schema in a database without using the create schema command.
• Load: you can load data into a table.
• Quiesce_connect: You can access a database in the silent State.
• Create_external_routine: the process that can be used by other users who can create the application and database.

• Privileged name	Related objects	Description
  Control	Tables, views, indexes, packages, aliases, different types, user-defined functions, Sequences	All permissions on objects are provided. Users with such privileges can also grant or revoke the privileges on objects to other users.
  Delete	Tables and views	Allows users to delete records from objects.
  Insert	Tables and views	Allows you to insert records into objects using the insert or import command.
  Select	Tables and views	Provides the ability to view object content using the selection statement.
  Update	Tables and views	You can use the update statement to modify records in an object.
  Alter	Table	You can use the change statement to change the object definition.
  Index	Table	You can use the index creation statement to create an index on an object.
  References	Table	Allows you to create or delete foreign key constraints on an object.
  Bind	Package	Allows you to rebind existing packages.
  Execute	Packages, processes, functions, and methods	Allows users to execute packages and routines.
  Alterin	Mode	Allows you to modify the object definition in the mode.
  Createin	Mode	Allows users to create objects in the mode.
  Dropin	Mode	Allows you to delete objects in the mode.

  Information about object-level privileges is stored in the system catalog view. View name issyscat.tabauth,syscat.colauth,syscat.indexauth,syscat.schemaauth,syscat.routineauthAndsyscat.packageauth.

It is also controlled through grant... to, revoke... from.
It is found that the select format in DB2 CLR is still good. It is not as long as Oracle sqlplus, but also requires typographical layout.

Implicit privilege
Generally, the Creator automatically has the corresponding permissions.
Indirect privilege
That is, you can obtain the corresponding object operation permission through the execution right of procedure.
Tag-Based Access Control lbac
Some configuration work is required, similar to Oracle, to control data to rows or columns.