DB2 Five kinds of administrative rights
SYSADM, Sysctrl sysmaint Dbadm and LOAD
The first three permissions are Instance-level,and can is assigned to a group and is do so through the Database Manager Configuration file.
The latter two permissions are database-level,are assigned to a, user or group for a particular database.
DB2 get authorizations
DB2 database permissions are divided into instance-level permissions (SYSADM, Sysctrl, Sysmaint, SYSMON) and DB2 database-level permissions (DBAMD, LOAD).
The permissions that users have in DB2 are mainly considered in three areas: instance level, database level, database operation level, and view command is DB2 get authorizations.
DB2 authorization can be divided into instance-level permission and database-level authorization, and the instance-level permission must be granted to the user group by the update CFG by the user with Sysadm permission.
Database object-level permissions are granted to users or groups of users by the DBAMD permission user that is displayed through the grant command.
The "direct" permission means that this permission is explicitly granted to this user. The "indirect" permission means that this user belongs to a group that has this permission.
Instance-level permissions (can only be assigned at the user group level):
SYSADM----System administrative rights (Unix systems, the SYSADM user group is set by default to the primary user group where the instance owner resides, so any user in that group has SYSADM permissions)
SYSCTL----System control permissions
Sysmaint----System Maintenance permissions
Database level:
DBADM----Database administrative permissions (such as maintenance and management tasks such as deleting a database, creating and deleting tablespaces, backing up or recovering a database, etc.)
Load----permissions on the load operation on the table
1, DB2 Database permissions:
connect-allow users to connect to the database
bindadd-allow users to create new packages in the database
createtab-allow users to create new tables in the database
Create_not_fenced-allows users to register user-defined functions (UDFs) or stored procedures that are defined as not FENCED
Implicitschema-Allows the user to create an object in a schema that does not yet exist (it automatically creates the schema) *
quiesce_connect-allow users to connect to a database in quiesced state
Create_external_routine-allows users to register external routines (routines written in external languages such as C and Java)
2. Table Space Privileges:
Use-Allows the user to create tables in the specified table space
3. Mode privileges:
createin-allows the user to create objects in the schema
alterin-allows the user to modify objects in the schema
dropin-allows the user to delete objects from the schema
4. Table/View Privileges:
control-grants users all the privileges on tables and views, and grants these privileges (except CONTROL) to others
ALTER-Allows the user to add a column to a table, add or modify comments on a table and its columns, add a primary key or UNIQUE constraint, and create or delete a table check constraint
delete-allow users to delete rows from a table or view
Index-Allows the user to create an index on the table
Insert-allows users to insert data into a table or view
references-allows users to create and delete foreign keys, which requires a parent table in the specified relationship
Select-allows users to retrieve rows from a table or view, create a view on a table, and run the export utility
Update-allows users to modify data in tables, views, or some columns in a table or view, and users can have this privilege only on specific columns
5. Index Privileges:
control-allow users to delete indexes
6. Package Privileges:
control-allows users to rebind, delete, or execute packages, as well as grant these privileges (except CONTROL) to others
Bind-Allows the user to rebind an existing package
execute-allow users to execute packages
7. Routine Privileges:
Execute allows the user to invoke routines, create functions from routines (only for functions), and refer to routines in any DDL statement (such as Create VIEW, create TRIGGER, or define constraints)
9. Sequence Privileges:
Usage-allows users to use Nextval and prevval expressions for sequences
Alter-allows the user to modify sequence properties using the ALTER SEQUENCE statement
Privileged information is stored in the seven system catalog view:
*syscat. Dbauth-Database privileges
*syscat. Colauth-table and view column privileges
*syscat. Indexauth-Index Privileges
*syscat. Packageauth-Package Privileges
*syscat. Schemaauth-Mode privileges
*syscat. TABAUTH-table and view privileges
*syscat. Tbspaceauth-Table Space privileges
Grant Connect to
DB2 Five kinds of administrative rights