ACF2 - Db2 Security - SQLADM Privilege

Article ID: 241926

Products

ACF2 - DB2 Option, ACF2 - MISC, ACF2, ACF2 - z/OS

Issue/Introduction

1. The IBM Db2 v12 documentation (Source: SQLADM - IBM Documentation) defines the following:
    With the SQLADM authority, you have implicit SELECT access on all the catalog tables and implicit INSERT, DELETE, and UPDATE privileges
    on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES).

2. A User ID has SQLADM defined. However, when it tries to perform an insert into an updatable catalog table, the following error is observed:
    ACF04056 ACCESS TO RESOURCE DBIASYSIBM.IPNAMES TYPE DTBL BY USER01 NOT AUTHORIZED

It seems that, despite SQLADM being granted in ACF2, Db2 still issues a call to ACF2 to verify the DTBL permission, which ACF2 then denies because the user ID does not have the required privileges on this table.

Can you confirm that the DTBL privileges will be verified for any modification attempt to the catalog despite the SQLADM privilege being assigned?

Environment

Release: 1.3

Component: ACF2 Option for Db2

Resolution

The user does not have access to SQLADM.
It is the ACF2 / Db2 access rule that is verified, not the Db2 catalog access.

Add a rule:
    $KEY(SQLADM) SYSID(DBIA) TYPE(SYS)
to get past the condition.