IBM Frozen Dessert Maker VERSION 9 用户手册
SYSADM
is
the
highest
level
of
administrative
authority.
It
includes
all
privileges
on
databases
within
the
DB2
instance
as
well
as
the
authority
to
grant
and
revoke
all
other
authorities
and
privileges.
DBADM
provides
administrative
authority
for
a
specific
database.
It
allows
the
user
to
access
and
modify
all
objects
within
that
database.
A
user
with
DBADM
authority
can
grant
and
revoke
privileges
on
the
database
but
cannot
grant
or
revoke
DBADM
authority.
SYSCTRL
is
the
authority
for
controlling
the
resources
used
by
the
database
manager
(for
example,
creating
and
deleting
databases),
but
it
does
not
allow
access
to
the
data
within
the
databases.
SYSMAINT
is
the
authority
for
performing
maintenance
operations,
such
as
starting
and
stopping
the
DB2
server
and
backing
up
and
restoring
databases.
It
does
not
allow
access
to
the
data
within
the
databases.
LOAD
authority
at
the
database
level,
combined
with
INSERT
privilege
on
a
table,
allows
the
user
to
load
data
into
that
table.
SECADM
(security
administrator)
level
applies
at
the
database
level
and
is
the
authority
required
to
create,
alter
and
drop
security
label
components,
security
policies,
and
security
labels,
which
are
used
to
protect
tables.
It
is
also
the
authority
required
to
grant
and
revoke
security
labels
and
exemptions
as
well
as
to
grant
and
revoke
the
SETSESSIONUSER
privilege.
A
user
with
the
SECADM
authority
can
transfer
the
ownership
of
objects
that
they
do
not
own.
The
SECADM
authority
has
no
inherent
privilege
to
access
data
stored
in
tables
and
has
no
other
additional
inherent
privilege.
It
can
only
be
granted
by
a
user
with
SYSADM
authority.
The
SECADM
authority
can
be
granted
to
a
user
but
cannot
be
granted
to
a
group
or
to
PUBLIC.
Database-specific
authorities
are
stored
in
the
database
catalogs;
system
authorities
are
stored
in
the
database
manager
configuration
file
for
the
instance.
You
can
use
the
Control
Center
to
grant
and
revoke
database
authorities.
Related
concepts:
v
“Database
administration
authority
(DBADM)”
in
Administration
Guide:
Implementation
v
“Extended
Windows
security
using
DB2ADMNS
and
DB2USERS
groups”
in
Administration
Guide:
Implementation
v
“LOAD
authority”
in
Administration
Guide:
Implementation
v
“Security
administration
authority
(SECADM)”
in
Administration
Guide:
Implementation
v
“System
administration
authority
(SYSADM)”
in
Administration
Guide:
Implementation
v
“System
control
authority
(SYSCTRL)”
in
Administration
Guide:
Implementation
v
“System
maintenance
authority
(SYSMAINT)”
in
Administration
Guide:
Implementation
4
Getting
started
with
DB2
installation
and
administration