We have moved to www.dataGenX.net, Keep Learning with us.

Tuesday, June 19, 2012

DB2 Authorities


SYSADM, SYSCTRL, SYSMAINT, and SYSMON are instance-level authorities. have to update in DBM CFG
DBADM, LOAD, and SECADM authorities are assigned to a user or group for a particular database


SYSADM
it is like as a ROOT for the database
db2 update dbm cfg using SYSADM_GROUP <group_name>


SYSCTRL
SYSCTRL authority can perform all administrative and maintenance commands within the instance. However, unlike SYSADM users, they cannot access any data within the databases unless they are granted the privileges
db2 update dbm cfg using SYSCTRL_GROUP <group_name>
like:
• db2start/db2stop
• db2 create/drop database
• db2 create/drop tablespace
• db2 backup/restore/rollforward database
• db2 runstats (against any table)
• db2 update db cfg for database dbname


SYSMAINT
The commands that a user with SYSMAINT authority can issue are a subset of those allowed to users with SYSCTRL authority. SYSMAINT users can only perform tasks related to maintenance
db2 update dbm cfg using SYSMAINT_GROUP <group_name>
like:
• db2start/db2stop
• db2 backup/restore/rollforward database
• db2 runstats (against any table)
• db2 update db cfg for database dbname


SYSMAINT
a user with SYSMAINT authority can issue are a subset of those allowed to users with SYSCTRL authority. SYSMAINT users can only perform tasks related to maintenance
db2 update dbm cfg using SYSMAINT_GROUP group name
like:
• db2start/db2stop
• db2 backup/restore/rollforward database
• db2 runstats (against any table)
• db2 update db cfg for database dbname


SYSMON 
SYSMON authority provides the ability to take database system monitor snapshots of a database manager instance or its databases.
db2 update dbm cfg using SYSMON_GROUP group name
like:
• GET DATABASE MANAGER MONITOR SWITCHES
• GET MONITOR SWITCHES
• GET SNAPSHOT
• LIST ACTIVE DATABASES
• LIST APPLICATIONS
• LIST DCS APPLICATIONS
• RESET MONITOR
• UPDATE MONITOR SWITCHES
• db2GetSnapshot - Get snapshot
• db2GetSnapshotSize - Estimate size required for db2GetSnapshot() output buffer
• db2MonitorSwitches - Get/update monitor switches
• db2ResetMonitor - Reset monitor
Users with the SYSADM, SYSCTRL, or SYSMAINT authority level also possess SYSMON authority.


DBADM
DBADM authority is a database-level authority rather than an instance-level authority. DBADM users have complete control over a database almost. DBADM users cannot perform such maintenance or administrative tasks
SYSADM provide this access
db2 grant dbadm on database to user tst1
db2 grant dbadm on database to group db2grp1
like:
• drop database
• drop/create tablespace
• backup/restore database
• update db cfg for database db name
• db2 create/drop table
• db2 grant/revoke (any privilege)
• db2 runstats (any table)


LOAD
LOAD authority is also considered a database-level authority, and can therefore be granted to both users and groups. As the name implies, LOAD authority allows users to issue the LOAD command against a table. The LOAD command is typically used as a faster alternative to insert or import commands when populating a table with large amounts of data.
SYSADM or DBADM provide this access
db2 grant load on database to user tst1
db2 grant insert on table sales to user tst1
db2 grant load on database to group grp1
db2 grant delete on table sales to group grp1
db2 grant insert on table sales to group grp1
like:
• db2 quiesce tablespaces for table
• db2 list tablespaces
• db2 runstats (any table)
• db2 load insert (must have insert privilege on table)
• db2 load restart/terminate after load insert (must have insert privilege on table)
• db2 load replace (must have insert and delete privilege on table)
• db2 load restart/terminate after load replace (must have insert and delete privilege on table)


SECADM
SECADM authority is considered a database-level authority, but can only be granted to a specific user by a SYSADM user
like:
• Create and drop security label components
• Create and drop security policies
• Create and drop security labels
• Grant and revoke security labels
• Grant and revoke LBAC rule exemptions
• Grant and revoke setsessionuser privileges
• Execute the SQL statement TRANSFER OWNERSHIP on objects that you do not own




njoy the simplicity.......
©Atul Singh


victimizeit.blogspot.com

No comments :

Post a Comment