IBM Books

Administration Guide

Managing Users

As a database administrator, you might need to control the type of access people have to data, or restrict their view of the data. The following information tells you how to use the administration tools to manage database authorities and privileges for database objects.

Database authorities involve actions on a database as a whole. When a database is created, some authorities are automatically granted to anyone who accesses the database. For example, CONNECT, CREATETAB, BINDADD and IMPLICIT_SCHEMA authorities are granted to all users. Database privileges involve actions on specific objects within the database. When a database is created, some privileges are automatically granted to anyone who accesses the database. For example, SELECT privilege is granted on catalog views and EXECUTE and BIND privilege on each successfully bound utility is granted to all users.

Together, privileges and authorities act to control access to an instance and its database objects. Users can access only those objects for which they have the appropriate authorization, that is, the required privilege or authority.

Granting and Revoking Authorities and Privileges

You can use the DB2 administration tools to grant and revoke privileges for users and groups for databases, table spaces, tables, views, and schemas.

  1. From the Control Center, click mouse button 2 on the database, table, view, schema or index for which you want to grant or revoke privileges. Select Authorities or Privileges from the pop-up menu. The Authorities window or Privileges window opens.

  2. Select the User page to work with user authorities or privileges or the Group page to work with group authorities or privileges.

  3. Select one or more users or groups. To add a user or group to the list, click the Add User or Add Group push button.

  4. Along the bottom of the window, select Yes, No, or Grant for each individual authority or privilege. Grant is displayed only for objects for which it is a valid option.

  5. When you have finished, click the Apply push button.

If you want to review or change the objects that a particular user is authorized to, you can select a user, and click mouse button 2, then add or change authorization to an object or remove authorization.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]