IBM VERSION 9 Frozen Dessert Maker User Manual


 
UNIX platforms: A valid DB2 database user name that belongs to
the primary group of the instance owner.

SYSADM privileges are the most powerful set of privileges available within the
DB2 database manager. As a result, you might not want all of these users to have
SYSADM privileges by default. The DB2 database manager provides the
administrator with the ability to grant and revoke privileges to groups and
individual user IDs.

By updating the database manager configuration parameter sysadm_group, the
administrator can control which group of users possesses SYSADM privileges. You
must follow the guidelines below to complete the security requirements for both
the DB2 database installation and the subsequent instance and database creation.

Any group defined as the system administration group (by updating sysadm_group)
must exist. The name of this group should allow for easy identification as the
group created for instance owners. User IDs and groups that belong to this group
have system administrator authority for their respective instances.

The administrator should consider creating an instance owner user ID that is easily
recognized as being associated with a particular instance. This user ID should have
as one of its groups the name of the SYSADM group created above. Another
recommendation is to use this instance-owner user ID only as a member of the
instance owner group and not to use it in any other group. This should control the
proliferation of user IDs and groups that can modify the instance, or any object
within the instance.

The created user ID must be associated with a password to provide authentication
before being permitted entry into the data and databases within the instance. The
recommendation when creating a password is to follow your organization’s
password naming guidelines.

Note:
To avoid accidentally deleting or overwriting instance configuration or other
files, administrators should consider using another user account, which does
not belong to the same primary group as the instance owner, for day-to-day
administration tasks that are performed on the server directly.
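
The following script is an added example, not part of the IBM manual. It checks the three guidelines above (the sysadm_group group exists, the instance owner belongs to it and to no other group, and the day-to-day account has a different primary group) against passwd- and group-format files. All account and group names and the sample file contents are constructed, and only local accounts are covered.

```shell
# Constructed sample data in /etc/group and /etc/passwd format.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/group" <<'EOF'
db2iadm1:x:1001:
staff:x:50:db2inst1
ops:x:2000:
EOF
cat > "$SAMPLE/passwd" <<'EOF'
db2inst1:x:1001:1001::/home/db2inst1:/bin/sh
db2inst2:x:1004:1001::/home/db2inst2:/bin/sh
dbadmin1:x:1002:1001::/home/dbadmin1:/bin/sh
opsadmin:x:1003:2000::/home/opsadmin:/bin/sh
EOF
# On a real host, export GROUP_FILE=/etc/group and PASSWD_FILE=/etc/passwd first.
GROUP_FILE=${GROUP_FILE:-$SAMPLE/group}
PASSWD_FILE=${PASSWD_FILE:-$SAMPLE/passwd}

# Name of a user's primary group (passwd field 4 resolved through the group file).
primary_group() {
    pgid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$PASSWD_FILE")
    awk -F: -v p="$pgid" 'p != "" && $3 == p { print $1 }' "$GROUP_FILE"
}
# Groups that list the user as a supplementary member, one per line.
extra_groups() {
    awk -F: -v u="$1" '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$GROUP_FILE"
}
# audit_instance SYSADM_GROUP INSTANCE_OWNER DAILY_ADMIN
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_instance() {
    grp=$1; owner=$2; daily=$3; rc=0
    if ! awk -F: -v g="$grp" '$1 == g { f = 1 } END { exit !f }' "$GROUP_FILE"; then
        echo "FAIL: sysadm_group '$grp' is not a defined group"; return 1
    fi
    owner_groups=$(primary_group "$owner"; extra_groups "$owner")
    case " $(echo $owner_groups) " in
        *" $grp "*) ;;
        *) echo "FAIL: $owner is not a member of $grp"; rc=1 ;;
    esac
    for g in $owner_groups; do
        [ "$g" = "$grp" ] || { echo "WARN: $owner also belongs to $g"; rc=1; }
    done
    op=$(primary_group "$owner"); dp=$(primary_group "$daily")
    if [ -n "$dp" ] && [ "$dp" = "$op" ]; then
        echo "WARN: $daily shares primary group with $owner"; rc=1
    fi
    return $rc
}
audit_instance db2iadm1 db2inst1 dbadmin1 || true
```

On a live instance, the first argument is the value configured for sysadm_group.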

Related concepts:
- “General naming rules” in Administration Guide: Implementation
- “User, user ID and group naming rules” in Administration Guide: Implementation
- “Authentication” in Administration Guide: Planning
- “Authorization” in Administration Guide: Planning
- “Naming rules in a Unicode environment” in Administration Guide: Implementation
- “Naming rules in an NLS environment” in Administration Guide: Implementation
- “Location of the instance directory” in Administration Guide: Implementation
- “UNIX platform security considerations for users” in Administration Guide: Implementation
- “Windows platform security considerations for users” in Administration Guide: Implementation

Related reference:
- “Communications variables” in Performance Guide
Getting started with DB2 installation and administration