IBM VERSION 9 Manuale Utente
UNIX
platforms
A
valid
DB2
database
user
name
that
belongs
to
the
primary
group
of
the
instance
owner.
SYSADM
privileges
are
the
most
powerful
set
of
privileges
available
within
the
DB2
database
manager.
As
a
result,
you
might
not
want
all
of
these
users
to
have
SYSADM
privileges
by
default.
The
DB2
database
manager
provides
the
administrator
with
the
ability
to
grant
and
revoke
privileges
to
groups
and
individual
user
IDs.
By
updating
the
database
manager
configuration
parameter
sysadm_group,
the
administrator
can
control
which
group
of
users
possesses
SYSADM
privileges.
You
must
follow
the
guidelines
below
to
complete
the
security
requirements
for
both
the
DB2
database
installation
and
the
subsequent
instance
and
database
creation.
Any
group
defined
as
the
system
administration
group
(by
updating
sysadm_group)
must
exist.
The
name
of
this
group
should
allow
for
easy
identification
as
the
group
created
for
instance
owners.
User
IDs
and
groups
that
belong
to
this
group
have
system
administrator
authority
for
their
respective
instances.
The
administrator
should
consider
creating
an
instance
owner
user
ID
that
is
easily
recognized
as
being
associated
with
a
particular
instance.
This
user
ID
should
have
as
one
of
its
groups
the
name
of
the
SYSADM
group
created
above.
Another
recommendation
is
to
use
this
instance-owner
user
ID
only
as
a
member
of
the
instance
owner
group
and
not
to
use
it
in
any
other
group.
This
should
control
the
proliferation
of
user
IDs
and
groups
that
can
modify
the
instance,
or
any
object
within
the
instance.
The
created
user
ID
must
be
associated
with
a
password
to
provide
authentication
before
being
permitted
entry
into
the
data
and
databases
within
the
instance.
The
recommendation
when
creating
a
password
is
to
follow
your
organization’s
password
naming
guidelines.
Note:
To
avoid
accidentally
deleting
or
overwriting
instance
configuration
or
other
files,
administrators
should
consider
using
another
user
account,
which
does
not
belong
to
the
same
primary
group
as
the
instance
owner,
for
day-to-day
administration
tasks
that
are
performed
on
the
server
directly.
Related
concepts:
v
“General
naming
rules”
in
Administration
Guide:
Implementation
v
“User,
user
ID
and
group
naming
rules”
in
Administration
Guide:
Implementation
v
“Authentication”
in
Administration
Guide:
Planning
v
“Authorization”
in
Administration
Guide:
Planning
v
“Naming
rules
in
a
Unicode
environment”
in
Administration
Guide:
Implementation
v
“Naming
rules
in
an
NLS
environment”
in
Administration
Guide:
Implementation
v
“Location
of
the
instance
directory”
in
Administration
Guide:
Implementation
v
“UNIX
platform
security
considerations
for
users”
in
Administration
Guide:
Implementation
v
“Windows
platform
security
considerations
for
users”
in
Administration
Guide:
Implementation
Related
reference:
v
“Communications
variables”
in
Performance
Guide
8
Getting
started
with
DB2
installation
and
administration