Filter
Top Products
SYSADM is the highest level of administrative authority. It includes all privileges
on databases within the DB2 instance as well as the authority to grant and revoke
all other authorities and privileges.
DBADM provides administrative authority for a specific database. It allows the
user to access and modify all objects within that database. A user with DBADM
authority can grant and revoke privileges on the database but cannot grant or
revoke DBADM authority.
SYSCTRL is the authority for controlling the resources used by the database
manager (for example, creating and deleting databases), but it does not allow
access to the data within the databases.
SYSMAINT is the authority for performing maintenance operations, such as
starting and stopping the DB2 server and backing up and restoring databases. It
does not allow access to the data within the databases.
LOAD authority at the database level, combined with INSERT privilege on a table,
allows the user to load data into that table.
SECADM (security administrator) level applies at the database level and is the
authority required to create, alter and drop security label components, security
policies, and security labels, which are used to protect tables. It is also the
authority required to grant and revoke security labels and exemptions as well as to
grant and revoke the SETSESSIONUSER privilege. A user with the SECADM
authority can transfer the ownership of objects that they do not own. The
SECADM authority has no inherent privilege to access data stored in tables and
has no other additional inherent privilege. It can only be granted by a user with
SYSADM authority. The SECADM authority can be granted to a user but cannot be
granted to a group or to PUBLIC.
Database-specific authorities are stored in the database catalogs; system authorities
are stored in the database manager configuration file for the instance.
You can use the Control Center to grant and revoke database authorities.
Related concepts:
v “Database administration authority (DBADM)” in Administration Guide:
Implementation
v “Extended Windows security using DB2ADMNS and DB2USERS groups” in
Administration Guide: Implementation
v “LOAD authority” in Administration Guide: Implementation
v “Security administration authority (SECADM)” in Administration Guide:
Implementation
v “System administration authority (SYSADM)” in Administration Guide:
Implementation
v “System control authority (SYSCTRL)” in Administration Guide: Implementation
v “System maintenance authority (SYSMAINT)” in Administration Guide:
Implementation
4 Getting started with DB2 installation and administration