Unauthorized user is dropping indexes in DB2
search cancel

Unauthorized user is dropping indexes in DB2


Article ID: 250782


Updated On:


Top Secret


DB2 dropping index for user that is not authorized.

User does not have access to the DB2TABLE or the DB2DBASE.

Top Secret is the ESM.



Release : 16.0

Component : Top Secret Option for DB2


User granted access through DB2SYS(SYSCTRL)  which will authorize the user to drop the index even though they are not authorized to the DB2TABLE or DB2BASE.   

Per IBM doc, SYSCTRL authority is the highest level of system control authority. This authority provides the ability to perform maintenance and utility operations against the database manager instance and its databases. These operations can affect system resources, but they do not allow direct access to data in the databases.

System control authority is designed for users administering a database manager instance containing sensitive data.

Only a user with SYSCTRL authority or higher can perform the following actions:
  • - Update a database, node, or distributed connection services (DCS) directory-
  • - Create or drop a database
  • - Drop, create, or alter a table space
  • - Use any table space
  • - Restore to a new or an existing database.

In addition, a user with SYSCTRL authority can perform the functions of users with system maintenance authority (SYSMAINT) and system monitor authority (SYSMON).