SYSADM and DBADM limits



You must log into the database as the database creator before proceeding with this page.

In the previous page, the SECADM authority has been revoked from the database creator. This user ID is now left with SYSADM, DBADM, ACCESSCTRL and DATAACCESS authorities. Check whether this user can grant/revoke DBADM or SECADM authorities to other users.


Operation



Prior to DB2 9.7, SYSADM could grant SECADM and DBADM authorities to other users. Starting from DB2 9.7, users with only SYSADM or DBADM authority can no longer grant any database authorities to other users. You must have SECADM authority to do so.


Solution



A user with SYSADM and DBADM authorities will not be able to grant any authorities to other users.

The commands on the right show that the database creator who does not hold SECADM authority cannot grant/revoke any authorities to other users.