How To Take Advantage Of SYSDBADM Without DATAACCESS Authority?

book

Article ID: 19828

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Description:

How do you provision access of SYSTEM DBADM and give the user id DATAACCESS by default.

In DB2 manual, there is an option to say WITHOUT DATAACCESS.

Solution:

To provision SYSTEM DBADM WITHOUT DATAACCESS, it would require a TSS PERMIT to the DBA for DB2SYS(SYSDBADM) which will provide the desired DBA functions only.

This would be for any table other than catalog tables. Catalog tables are defined as accessible by the SYSDBADM privilege.

Conversely, to allow data access to the DBA, you would need a TSS PERMIT to that user for DB2SYS(DATAACCESS) as well.

Of course you could always then include specific permissions to selected data as with any user by permitting access to the individual resources themselves (i.e. tables).

Environment

Release: TOPSDB00200-1.3-Top Secret-Security-Option for DB2 UDB
Component: