Hello All,
We might get confused from the DB2 9.7 info center documentation regarding who actually gets the SECADM authority. Starting DB2 9.7 we have noticed many changes when it comes to the security(Eg: The instance owner does not have SECADM authority by default which is unacceptable.)
Coming to SECADM question, since it is a Database authority and specific to a database, the user who creates the database will get the SECADM authority.
Here is a test case...logged in as the user 'v97fp2' and created a 'db1' database.
- db2 create db db1
DB20000I The CREATE DATABASE command completed successfully.
- db2 connect to db1
Database Connection Information
Database server = DB2/LINUXX8664 9.7.2
SQL authorization ID = V97FP2
Local database alias = DB1
- db2 "select grantee, securityadmauth from syscat.dbauth"
GRANTEE SECURITYADMAUTH
---------------- ---------------
V97FP2 Y --> Automatically got the SECADM authority.
PUBLIC N
2 record(s) selected.
NOTE: SECADM authority can be granted only by the security administrator (who holds SECADM authority) and can be granted to a user, a group, or a role.
Thanks
Samyn
We might get confused from the DB2 9.7 info center documentation regarding who actually gets the SECADM authority. Starting DB2 9.7 we have noticed many changes when it comes to the security(Eg: The instance owner does not have SECADM authority by default which is unacceptable.)
Coming to SECADM question, since it is a Database authority and specific to a database, the user who creates the database will get the SECADM authority.
Here is a test case...logged in as the user 'v97fp2' and created a 'db1' database.
- db2 create db db1
DB20000I The CREATE DATABASE command completed successfully.
- db2 connect to db1
Database Connection Information
Database server = DB2/LINUXX8664 9.7.2
SQL authorization ID = V97FP2
Local database alias = DB1
- db2 "select grantee, securityadmauth from syscat.dbauth"
GRANTEE SECURITYADMAUTH
---------------- ---------------
V97FP2 Y --> Automatically got the SECADM authority.
PUBLIC N
2 record(s) selected.
NOTE: SECADM authority can be granted only by the security administrator (who holds SECADM authority) and can be granted to a user, a group, or a role.
Thanks
Samyn
No comments:
Post a Comment