Hi,
I have db2 instance created as an administrator on db2 udb 9.5 on windows 2008.
There is no SYSADM_GROUP defined. I want to create a user with only select access on the database and does not have any other authority and privileges except for connect.
I tried the below:
revoke the createtab,binda dd,connect,impl icit_schema etc from public.
create a group and add it to SYSADM_GROUP
despite of performing other steps i am unable to see the SYSADM authority enabled to any users whom i add as member of group in SYSADM_GROUP and
I am unable to remove the indirect sysadm authority from the new user with select access only despite i have revoked everything from public and add a new group as SYSADM_GROUP in DBM cfg.
My intension is:
1.) to remove the SYSADM from public without hampering the necessary privileges from application user.
2.) to add a new group to SYSADM_GROUP so that which ever group is added to the SYSADM_GROUP in DBM cfg has SYSADM authority.
3.) create a role instead of groups with specific privileges so that any new non-administrator user can be granted these specific privileges.
Could someone please help me to achieve the above.
Thanks and Regards,
Rachana
I have db2 instance created as an administrator on db2 udb 9.5 on windows 2008.
There is no SYSADM_GROUP defined. I want to create a user with only select access on the database and does not have any other authority and privileges except for connect.
I tried the below:
revoke the createtab,binda dd,connect,impl icit_schema etc from public.
create a group and add it to SYSADM_GROUP
despite of performing other steps i am unable to see the SYSADM authority enabled to any users whom i add as member of group in SYSADM_GROUP and
I am unable to remove the indirect sysadm authority from the new user with select access only despite i have revoked everything from public and add a new group as SYSADM_GROUP in DBM cfg.
My intension is:
1.) to remove the SYSADM from public without hampering the necessary privileges from application user.
2.) to add a new group to SYSADM_GROUP so that which ever group is added to the SYSADM_GROUP in DBM cfg has SYSADM authority.
3.) create a role instead of groups with specific privileges so that any new non-administrator user can be granted these specific privileges.
Could someone please help me to achieve the above.
Thanks and Regards,
Rachana