DB2 Help

Authorities and privileges for DB user tasks

Task Authorities and privileges
To grant or revoke database authorities You need the proper authorizations:

To grant BINDADD, CONNECT, CREATETAB, CREATE_NOT_FENCED, and IMPLICIT_SCHEMA authorities, you need either SYSADM or DBADM authority.
To grant DBADM authority, you need SYSADM authority.

To grant or revoke a privilege on a schema You need one of the following authorizations:

SYSADM authority
DBADM authority
The privilege with the Grant option (the right to grant the privilege to other users and to groups)

Example
You can grant the ALTERIN privilege on a schema if you have one of these authorizations:

SYSADM authority
DBADM authority on the database in which the schema resides
The ALTERIN privilege on the schema, along with the right to grant the ALTERIN privilege on the schema to other users and to groups

To grant or revoke privileges on tables or views You need the proper authorizations:

To grant or revoke privileges on catalog tables and views, you need either SYSADM or DBADM authority.
To grant or revoke privileges on user-defined tables and views, you need to meet the following requirements:

To grant or revoke the CONTROL privilege on a table or view, you need SYSADM or DBADM authority.
To grant table or view privileges other than CONTROL, you need one of the following authorizations. To revoke table or view privileges other than CONTROL, you need one of the first three of these authorizations:

SYSADM authority
DBADM authority
The CONTROL privilege on the tables or views that you want to grant privileges on
The privilege you want to grant with the Grant option (the right to grant the privilege to other users and to groups)

Example
You can grant the ALTER privilege on a user-defined table if you hold one of these authorizations:

SYSADM authority
DBADM authority on the database in which the table resides
The CONTROL privilege on the table
The ALTER privilege, along with the right to grant the ALTER privilege on this table to other users and to groups

To grant or revoke the CONTROL privilege on an index You need either SYSADM authority or DBADM authority.
To define a person to DB2 as a user of a database You need one of the following authorizations:

Authorization to grant database authorities
Authorization to grant schema privileges
Authorization to grant table or view privileges
Authorization to grant the CONTROL privilege on indexes

To grant database authorities You need the proper authorizations:

To grant BINDADD, CONNECT, CREATETAB, CREATE_NOT_FENCED, and IMPLICIT_SCHEMA authorities, you need either SYSADM or DBADM authority.
To grant DBADM authority, you need SYSADM authority.

To grant a privilege on a schema You need one of the following authorizations:

SYSADM authority
DBADM authority
The privilege with the Grant option (that is, with the right to grant the privilege to other users and to groups)

Example
You can grant the ALTERIN privilege on a schema if you have one of these authorizations:

SYSADM authority
DBADM authority on the database in which the schema resides
The ALTERIN privilege on the schema, along with the right to grant the ALTERIN privilege on the schema to other users and to groups

To grant privileges on tables or views You need the proper authorizations:

To grant privileges on catalog tables and views, you need either SYSADM or DBADM authority.
To grant privileges on user-defined tables and views, you need to meet the following requirements:

To grant the CONTROL privilege on a table or view, you need SYSADM or DBADM authority.
To grant table or view privileges other than CONTROL, you need one of these authorizations:

SYSADM authority
DBADM authority
The CONTROL privilege on the tables or views that you want to grant privileges on
The privilege you want to grant, along with the Grant option (the right to grant this privilege to other users and to groups)

Example
You can grant the ALTER privilege on a user-defined table if you hold one of these authorities:

SYSADM authority
DBADM authority on the database in which the table resides
The CONTROL privilege on the table
The ALTER privilege, along with the right to grant the ALTER privilege on this table to other users and to groups

To grant the CONTROL privilege on an index You need either SYSADM authority or DBADM authority.

Task	Authorities and privileges
To grant or revoke database authorities	You need the proper authorizations: To grant BINDADD, CONNECT, CREATETAB, CREATE_NOT_FENCED, and IMPLICIT_SCHEMA authorities, you need either SYSADM or DBADM authority. To grant DBADM authority, you need SYSADM authority.
To grant or revoke a privilege on a schema	You need one of the following authorizations: SYSADM authority DBADM authority The privilege with the Grant option (the right to grant the privilege to other users and to groups) Example You can grant the ALTERIN privilege on a schema if you have one of these authorizations: SYSADM authority DBADM authority on the database in which the schema resides The ALTERIN privilege on the schema, along with the right to grant the ALTERIN privilege on the schema to other users and to groups
To grant or revoke privileges on tables or views	You need the proper authorizations: To grant or revoke privileges on catalog tables and views, you need either SYSADM or DBADM authority. To grant or revoke privileges on user-defined tables and views, you need to meet the following requirements: To grant or revoke the CONTROL privilege on a table or view, you need SYSADM or DBADM authority. To grant table or view privileges other than CONTROL, you need one of the following authorizations. To revoke table or view privileges other than CONTROL, you need one of the first three of these authorizations: SYSADM authority DBADM authority The CONTROL privilege on the tables or views that you want to grant privileges on The privilege you want to grant with the Grant option (the right to grant the privilege to other users and to groups) Example You can grant the ALTER privilege on a user-defined table if you hold one of these authorizations: SYSADM authority DBADM authority on the database in which the table resides The CONTROL privilege on the table The ALTER privilege, along with the right to grant the ALTER privilege on this table to other users and to groups
To grant or revoke the CONTROL privilege on an index	You need either SYSADM authority or DBADM authority.
To define a person to DB2 as a user of a database	You need one of the following authorizations: Authorization to grant database authorities Authorization to grant schema privileges Authorization to grant table or view privileges Authorization to grant the CONTROL privilege on indexes
To grant database authorities	You need the proper authorizations: To grant BINDADD, CONNECT, CREATETAB, CREATE_NOT_FENCED, and IMPLICIT_SCHEMA authorities, you need either SYSADM or DBADM authority. To grant DBADM authority, you need SYSADM authority.
To grant a privilege on a schema	You need one of the following authorizations: SYSADM authority DBADM authority The privilege with the Grant option (that is, with the right to grant the privilege to other users and to groups) Example You can grant the ALTERIN privilege on a schema if you have one of these authorizations: SYSADM authority DBADM authority on the database in which the schema resides The ALTERIN privilege on the schema, along with the right to grant the ALTERIN privilege on the schema to other users and to groups
To grant privileges on tables or views	You need the proper authorizations: To grant privileges on catalog tables and views, you need either SYSADM or DBADM authority. To grant privileges on user-defined tables and views, you need to meet the following requirements: To grant the CONTROL privilege on a table or view, you need SYSADM or DBADM authority. To grant table or view privileges other than CONTROL, you need one of these authorizations: SYSADM authority DBADM authority The CONTROL privilege on the tables or views that you want to grant privileges on The privilege you want to grant, along with the Grant option (the right to grant this privilege to other users and to groups) Example You can grant the ALTER privilege on a user-defined table if you hold one of these authorities: SYSADM authority DBADM authority on the database in which the table resides The CONTROL privilege on the table The ALTER privilege, along with the right to grant the ALTER privilege on this table to other users and to groups
To grant the CONTROL privilege on an index	You need either SYSADM authority or DBADM authority.