Monday, March 21, 2011

SECADM

Hello All,

The DB2 9.7 Information Center documentation can be confusing about who actually gets the SECADM authority. Starting with DB2 9.7, we have noticed many changes when it comes to security (e.g., the instance owner does not have SECADM authority by default, which is unacceptable).

Coming to the SECADM question: since it is a database authority and specific to a database, the user who creates the database gets the SECADM authority.

Here is a test case: logged in as the user 'v97fp2' and created a 'db1' database.

- db2 create db db1
DB20000I  The CREATE DATABASE command completed successfully.

- db2 connect to db1

   Database Connection Information

 Database server        = DB2/LINUXX8664 9.7.2
 SQL authorization ID   = V97FP2
 Local database alias   = DB1

- db2 "select grantee, securityadmauth from syscat.dbauth"

GRANTEE          SECURITYADMAUTH
---------------- ---------------
V97FP2                  Y --> Automatically got the SECADM authority.
PUBLIC                  N

  2 record(s) selected.

NOTE: SECADM authority can be granted only by the security administrator (who holds SECADM authority) and can be granted to a user, a group, or a role.

Thanks
Samyn
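An added example, not part of the original post: a CLP script that audits who holds SECADM and the related database authorities in 'db1', then hands SECADM to a dedicated security administrator so the database creator does not keep it. SECUSER is a hypothetical account name; DB1 and V97FP2 come from the test case above.

```sql
-- Added example (not from the original post).
-- Run each part with: db2 -tvf <file>   (statements end with ';')
-- SECUSER is a hypothetical dedicated security administrator account.

-- Part 1: run while connected as the database creator (V97FP2),
-- who currently holds SECADM.
CONNECT TO db1;

-- Show every authorization ID holding a security-relevant database
-- authority. GRANTEETYPE: U = user, G = group, R = role.
SELECT grantee, granteetype, grantor,
       securityadmauth, dbadmauth, accessctrlauth, dataaccessauth
  FROM syscat.dbauth
 WHERE securityadmauth = 'Y'
    OR dbadmauth       = 'Y'
    OR accessctrlauth  = 'Y'
    OR dataaccessauth  = 'Y'
 ORDER BY grantee;

-- Only a holder of SECADM can grant SECADM.
GRANT SECADM ON DATABASE TO USER secuser;

CONNECT RESET;

-- Part 2: run in a session connected to db1 as SECUSER.
-- Remove SECADM from the creator once the new holder is in place.
REVOKE SECADM ON DATABASE FROM USER v97fp2;

-- Verify: SECUSER should show Y, V97FP2 and PUBLIC should not.
SELECT grantee, granteetype, securityadmauth
  FROM syscat.dbauth
 ORDER BY grantee;

CONNECT RESET;
```

Rerunning the first query on a schedule and comparing the result against the expected list of SECADM holders is a simple way to catch unplanned grants.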
