System administration (SYSADM) authority is the highest level of authority within the database manager and controls all database objects. This parameter defines the group name with SYSADM authority for the database manager instance.
SYSADM authority is determined by the security facilities used in a specific operating environment. The following considerations apply when system security (that is, authorization) is CLIENT, SERVER, or DCS. Considerations for DCE security are described below.
This parameter must be "NULL" for Windows 95 clients when system security is used because the Windows 95 operating system does not store group information, thereby providing no way of determining if a user is a member of a designated SYSADM group. When a group name is specified, no user is considered to be a member of it and no user is considered to have administration authority.
If the value is not "NULL", the SYSADM group can be any valid UNIX group name.
If a group name is specified for this parameter, only users who belong to the group have SYSADM authority. The group specified can be any of the User Profile Management groups. For more information on User Profile Management groups, see your Quick Beginnings book.
If DCE security is used and sysadm_group is "NULL", the default DCE group name DB2ADMIN is used. A valid DCE principal whose authid mapping is DB2ADMIN must already exist. You can specify a different group name (this also applies for Windows 95 clients).
To restore the parameter to its default (NULL) value, use UPDATE DBM CFG USING SYSADM_GROUP NULL. You must specify the keyword "NULL" in uppercase. You can also use the Configure Instance notebook in the DB2 Control Center.
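As an added example (not part of the DB2 documentation), the following shell script shows one way to review who holds SYSADM authority on a UNIX system when a group name is specified. It reads the SYSADM_GROUP value from saved `db2 get dbm cfg` output and lists the group's members, including users who have the group only as their primary group. The function names, file layout and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list who holds SYSADM through SYSADM_GROUP on a UNIX host.

# Read `db2 get dbm cfg` text on stdin, print the SYSADM_GROUP value.
# Assumption: an unset value appears as an empty right-hand side.
sysadm_group_from_cfg() {
    awk -F= '/\(SYSADM_GROUP\)/ { gsub(/^[ \t]+|[ \t]+$/, "", $2)
                                  print ($2 == "" ? "NULL" : $2); exit }'
}

# Members of group $1 from group file $2 and passwd file $3: supplementary
# members plus users whose primary GID is the group. Names are compared
# case-insensitively (assumption: the cfg output may be uppercased).
group_members() {
    gid=$(awk -F: -v g="$1" 'tolower($1) == tolower(g) { print $3; exit }' "$2")
    [ -n "$gid" ] || return 1
    { awk -F: -v id="$gid" '$3 == id { n = split($4, m, ",")
                             for (i = 1; i <= n; i++) print m[i] }' "$2"
      awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
    } | sort -u | paste -sd, -
}

# $1 = saved cfg output, $2 = group file, $3 = passwd file.
audit_sysadm() {
    grp=$(sysadm_group_from_cfg < "$1")
    [ "$grp" != "NULL" ] || { echo "SYSADM_GROUP=NULL"; return 0; }
    if members=$(group_members "$grp" "$2" "$3"); then
        echo "SYSADM_GROUP=$grp members=$members"
    else
        echo "SYSADM_GROUP=$grp group-not-found"
    fi
}

# Constructed sample data (not from a real system).
make_sample() {
    printf ' SYSADM group name    (SYSADM_GROUP) = DB2ADM1\n' > "$1/cfg"
    printf 'db2adm1:x:501:alice,bob\nstaff:x:50:carol\n' > "$1/group"
    printf 'db2inst1:x:1001:501::/home/db2inst1:/bin/sh\n' > "$1/passwd"
    printf 'carol:x:1002:50::/home/carol:/bin/sh\n' >> "$1/passwd"
}

d=$(mktemp -d); make_sample "$d"
audit_sysadm "$d/cfg" "$d/group" "$d/passwd"
rm -rf "$d"
```

On a real host, the three inputs would come from `db2 get dbm cfg`, `getent group` and `getent passwd` redirected to files.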