Shulou(Shulou.com)05/31 Report--

This article mainly introduces that DB2 has several management rights, the article is very detailed, has a certain reference value, interested friends must read it!

Five administrative rights of DB2

SYSADM, SYSCTRL SYSMAINT DBADM and LOAD

The first three permissions are instance-level,and can only be assigned to a group and are done so through the Database Manager Configuration file.

The last two permissions are database-level,are assigned to a user or group for a particular database.

Db2 get authorizations

DB2 database permissions are divided into instance-level permissions (SYSADM, SYSCTRL, SYSMAINT, SYSMON) and DB2 database-level permissions (DBAMD, LOAD).

The permissions of users in DB2 mainly consider three aspects: instance level, database level and database operation level. The view command is db2 get authorizations.

DB2 authorization can be divided into instance-level authorization and database-level authorization. Instance-level permissions must be granted to user groups through update cfg by users with SYSADM permissions.

Database object-level permissions are granted to users or user groups displayed by DBAMD authorized users through the grant command.

The Direct permission means that this permission is explicitly granted to this user. The indirect permission means that the user belongs to a group with this permission.

Instance-level permissions (can only be assigned at the user group level):

SYSADM-system administrative privileges (in UNIX systems, the SYSADM user group is set to the primary user group of the instance owner by default, so any user in this group has SYSADM rights)

SYSCTL---- system control permissions

SYSMAINT---- system maintenance permissions

Database level:

Dbadm---- database administration privileges (cannot perform maintenance and administrative tasks such as deleting databases, creating and deleting tablespaces, backing up or restoring databases)

Load---- 's permission to load the table

1. DB2 database permissions:

CONNECT- allows users to connect to the database

BINDADD- allows users to create new packages in the database

CREATETAB- allows users to create new tables in the database

CREATE_NOT_FENCED- allows users to register user-defined functions (UDF) or stored procedures defined as NOT FENCED

IMPLICITSCHEMA-allows the user to create objects in schemas that do not already exist (it automatically creates schemas) *

QUIESCE_CONNECT- allows users to connect to databases in the quiesced state

CREATE_EXTERNAL_ROUTINE- allows users to register external routines (routines written in external languages such as C and Java)

2. Tablespace privileges:

USE-allows users to create tables in a specified tablespace

3. Mode privileges:

CREATEIN- allows users to create objects in a schema

ALTERIN- allows users to modify objects in schema

DROPIN- allows the user to delete objects from the schema

4. Table / view privileges:

CONTROL- grants users all privileges on tables and views, and grants these privileges (except CONTROL) to others

ALTER-allows users to add columns to a table, add or modify comments on the table and its columns, add primary keys or unique constraints, and create or delete table check constraints

DELETE- allows users to delete rows from a table or view

INDEX-allows users to create indexes on tables

INSERT- allows users to insert data in a table or view

REFERENCES- allows users to create and delete foreign keys, which requires specifying the parent table in the relationship

SELECT- allows users to retrieve rows from a table or view, create views on a table, and run the EXPORT utility

UPDATE- allows users to modify data in tables, views, or columns in tables or views; users can have this privilege only on specific columns

5. Index privileges:

CONTROL- allows users to delete indexes

6. Package privileges:

CONTROL- allows users to rebind, delete, or execute packages, and to grant these privileges (except CONTROL) to others

BIND-allows users to rebind existing packages

EXECUTE- allows users to execute packages

7. Routine privileges:

EXECUTE allows users to call routines, create functions from routines (for functions only), and reference routines in any DDL statement (such as CREATE VIEW, CREATE TRIGGER, or when defining constraints)

9. Sequence privileges:

USAGE-allows users to use NEXTVAL and PREVVAL expressions on sequences

ALTER-allows users to modify sequence properties using ALTER SEQUENCE statements

Privileged information is stored in seven system catalog views:

* SYSCAT.DBAUTH-Database privilege

* SYSCAT.COLAUTH-table and view column privileges

* SYSCAT.INDEXAUTH-Index privilege

* SYSCAT.PACKAGEAUTH-package privilege

* SYSCAT.SCHEMAAUTH-Mode privilege

* SYSCAT.TABAUTH-table and view privileges

* SYSCAT.TBSPACEAUTH-Tablespace privilege

Grant connect to

The above is all the contents of the article "DB2 has several administrative rights". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.