Hi,

I found out that when "create database" command is carried out the "PUBLIC" group is automaticaly created.
(To see this: on database SAMPLE | User and Group Objects | DB Groups | PUBLIC). What is purpose of this group? Can I delete this group?

BTW, there is no group PUBLIC defined on Windows user groups.

My system:
- Windows 2003 Server Standard Edition
- DB2 Workgroup Server Edition version 8 fixpack 9

Thanks,
Grofaty

It's not a group but rather a keyword that you use when you grant or revoke privileges to (from) all authenticated users. You can't deleted it.

n_i,
In Control Center on SAMPLE database I have revoke all privileges from DB Groups: PUBLIC and it disappeared (deleted) from User and Group Objects | DB Groups.

Will I experience any limitation in DB2 functionalities?

Thanks,
Grofaty

Ok,
I can't connect to sample database now. So I droped it and recreate it.
So group PUBLIC has to exist on system.
Thanks,
Grofaty

PUBLIC does not need to exist, it only applies to users who aren't part of any other group.

If you try connect to your sample database as the instance owner, it will succeed. Or from any other user in a group you've defined on DB2.

Strictly speaking, PUBLIC doesn't "exist" - it's just a convenient way to say "allow everybody to do stuff". You can revoke all grants from PUBLIC, which would mean that only those users with _explicit_ grants or authorities will be able to connect/select/etc.

+1

In our shop it is against all known policies to have a PUBLIC having access to anything. It is the first thing that is getting revoked once a new db is created.

So, as said before you should be ok assuming you already have id on that system and grants are given to it. If not, log in with an instance id and give apropriate grants.