Description:

How do you provision access of SYSTEM DBADM and give the user id DATAACCESS by default.

In DB2 manual, there is an option to say WITHOUT DATAACCESS.

Solution:

To provision SYSTEM DBADM WITHOUT DATAACCESS, it would require a TSS PERMIT to the DBA for DB2SYS(SYSDBADM) which will provide the desired DBA functions only.

This would be for any table other than catalog tables. Catalog tables are defined as accessible by the SYSDBADM privilege.

Conversely, to allow data access to the DBA, you would need a TSS PERMIT to that user for DB2SYS(DATAACCESS) as well.

Of course you could always then include specific permissions to selected data as with any user by permitting access to the individual resources themselves (i.e. tables).