DB2 Five kinds of administrative rights

DB2 Five kinds of administrative rights

SYSADM, Sysctrl sysmaint Dbadm and LOAD

The first three permissions are Instance-level,and can is assigned to a group and is do so through the Database Manager Configuration file.

The latter two permissions are database-level,are assigned to a, user or group for a particular database.

DB2 get authorizations

DB2 database permissions are divided into instance-level permissions (SYSADM, Sysctrl, Sysmaint, SYSMON) and DB2 database-level permissions (DBAMD, LOAD).

The permissions that users have in DB2 are mainly considered in three areas: instance level, database level, database operation level, and view command is DB2 get authorizations.

DB2 authorization can be divided into instance-level permission and database-level authorization, and the instance-level permission must be granted to the user group by the update CFG by the user with Sysadm permission.

Database object-level permissions are granted to users or groups of users by the DBAMD permission user that is displayed through the grant command.

The "direct" permission means that this permission is explicitly granted to this user. The "indirect" permission means that this user belongs to a group that has this permission.

Instance-level permissions (can only be assigned at the user group level):

SYSADM----System administrative rights (Unix systems, the SYSADM user group is set by default to the primary user group where the instance owner resides, so any user in that group has SYSADM permissions)

SYSCTL----System control permissions

Sysmaint----System Maintenance permissions

Database level:

DBADM----Database administrative permissions (such as maintenance and management tasks such as deleting a database, creating and deleting tablespaces, backing up or recovering a database, etc.)

Load----permissions on the load operation on the table

1, DB2 Database permissions:

connect-allow users to connect to the database

bindadd-allow users to create new packages in the database

createtab-allow users to create new tables in the database

Create_not_fenced-allows users to register user-defined functions (UDFs) or stored procedures that are defined as not FENCED

Implicitschema-Allows the user to create an object in a schema that does not yet exist (it automatically creates the schema) *

quiesce_connect-allow users to connect to a database in quiesced state

Create_external_routine-allows users to register external routines (routines written in external languages such as C and Java)

2. Table Space Privileges:

Use-Allows the user to create tables in the specified table space

3. Mode privileges:

createin-allows the user to create objects in the schema

alterin-allows the user to modify objects in the schema

dropin-allows the user to delete objects from the schema

4. Table/View Privileges:

control-grants users all the privileges on tables and views, and grants these privileges (except CONTROL) to others

ALTER-Allows the user to add a column to a table, add or modify comments on a table and its columns, add a primary key or UNIQUE constraint, and create or delete a table check constraint

delete-allow users to delete rows from a table or view

Index-Allows the user to create an index on the table

Insert-allows users to insert data into a table or view

references-allows users to create and delete foreign keys, which requires a parent table in the specified relationship

Select-allows users to retrieve rows from a table or view, create a view on a table, and run the export utility

Update-allows users to modify data in tables, views, or some columns in a table or view, and users can have this privilege only on specific columns

5. Index Privileges:

control-allow users to delete indexes

6. Package Privileges:

control-allows users to rebind, delete, or execute packages, as well as grant these privileges (except CONTROL) to others

Bind-Allows the user to rebind an existing package

execute-allow users to execute packages

7. Routine Privileges:

Execute allows the user to invoke routines, create functions from routines (only for functions), and refer to routines in any DDL statement (such as Create VIEW, create TRIGGER, or define constraints)

9. Sequence Privileges:

Usage-allows users to use Nextval and prevval expressions for sequences

Alter-allows the user to modify sequence properties using the ALTER SEQUENCE statement

Privileged information is stored in the seven system catalog view:

*syscat. Dbauth-Database privileges

*syscat. Colauth-table and view column privileges

*syscat. Indexauth-Index Privileges

*syscat. Packageauth-Package Privileges

*syscat. Schemaauth-Mode privileges

*syscat. TABAUTH-table and view privileges

*syscat. Tbspaceauth-Table Space privileges

Grant Connect to

DB2 Five kinds of administrative rights