DB2 permissions and operations

What kind of operations can be performed on databases with DB2 permissions? The following describes the relationship between DB2 permissions and operations. If you are interested in DB2 permissions, take a look.

Obtain SYSADM

Users with SYSADM permissions can issue any DB2 commands acting on DB2 instances, any databases in the instances, and any objects in these databases. They can also access data in the database and grant or revoke privileges and permissions. SYSADM user is the only user allowed to update the Database Manager configuration Database Manager ConfigurationDBM CFG) file. SYSADM permission is controlled by the SYSADM_GROUP parameter in dbm cfg. When an instance is created, this parameter is set to Administrator on Windows, although it is blank when you issue the db2 get dbm cfg command ). On UNIX, this parameter is set to the master Group of the user who creates the instance. SYSADM users are the only Users Allowed To update dbm cfg, so they are also the only users who can grant any SYS * permission to other groups. The following example shows how to grant SYSADM permissions to the group "grp1 ".

Obtain SYSCTRL

Users with SYSCTRL permissions can execute all management and maintenance commands in the instance. However, unlike SYSADM users, they cannot access any data in the database unless they are granted the privileges required to do so. You can run SYSCTRL on any database in the instance.

SYSCTRL is assigned to a group by a user with SYSADM permission using the command db2 update dbm cfg using SYSCTRL_GROUP group name.

Get SYSMAINT

A user with SYSMAINT permission can issue commands that are a subset of the commands allowed by SYSCTRL-that is, some tasks related to maintenance.

Note that users with SYSMAINT cannot create or delete databases or tablespaces ). Nor can they access any data in the database, unless they are granted the privileges required to do so.

SYSMAINT is assigned to a group by a user with SYSADM permission using the command db2 update dbm cfg using SYSMAINT_GROUP group name.

Obtain DBADM

DBADM permissions are database-level permissions rather than instance-level permissions. In general, DBADM users can fully control the database-well, that's roughly the case. DBADM users cannot perform any maintenance or management tasks, such as deleting databases, deleting/creating tablespaces, backing up/restoring databases, or updating db cfg for database db name.

DBADM users are also automatically granted all privileges on database objects and their contents. Because DBADM is a database-level permission, it can be granted to users and groups. The following example shows how to grant the DBADM permission to the user "tst1", which is a member of "grp1.

Db2 create database test
This command grants the Database "test" the implicit DBADM permission to the user who issued this command.

Db2 grant dbadm on database to user tst1
This command can only be issued by SYSADM users. You must connect to the database with this permission. For example, if you first issue the following command, DBADM will be assigned to the user tst1 of the sample database:
Db2 connect to sample.

Db2 grant dbadm on database to group grp1
Again, this command can only be issued by SYSADM users.

Get LOAD

The LOAD permission is also considered a database-level permission, so users and groups can be granted. This permission is a new feature of DB2 version 7. As its name implies, the LOAD permission allows users to issue LOAD commands to the table. The LOAD command is typically used to implant a large amount of data into a table as a faster alternative to the insert or import command. Depending on the LOAD type you want to execute, it is not enough to have the LOAD permission. You also need specific privileges for the table.

Only users with SYSADM or DBADM permissions can grant or revoke the LOAD permission of users or groups.
 

How to create a user in DB2

Learn more about the materialized views of DB2

How to view DB2 dynamic SQL statements

Implementation of DB2 circular Query

Rollback of A DB2 partitioned Database