Results 1 to 9 of 9
  1. #1
    Join Date
    May 2012
    Posts
    155

    Unanswered: Showing Users and privileges

    Hello everyone,

    I want to list the normal user(the user is called ratna) I have in my DB2 Server, respectively the privileges this user has. Using this command under CLP:

    db2 "SELECT AUTHID, PRIVILEGE FROM SYSIBMADM.PRIVILEGES"

    Unfortunately, I could not find the user ratna in the output. The users exist were just:
    PUBLIC
    DB2INST1
    SYSROLE_AUTH_DBADM
    SYSROLE_AUTH_SQLADM

    I was expecting to see also:
    RATNA

    Could you please help me? Is it for user ratna generally possible to see what privileges she has? I mean, logging in the DB2 as ratna and to list out the privileges she has. Thank you very much.

    Regards,
    Ratna

  2. #2
    Join Date
    Apr 2006
    Location
    Belgium
    Posts
    2,514
    Provided Answers: 11
    only the users that received an explicit grant are seen
    if a user is connected - get snapshot for application agentid and see authorities
    privileges are in the syscat views (like tabauth...)
    Best Regards, Guy Przytula
    Database Software Consultant
    Good DBAs are not formed in a week or a month. They are created little by little, day by day. Protracted and patient effort is needed to develop good DBAs.
    Spoon feeding : To treat (another) in a way that discourages independent thought or action, as by overindulgence.
    DB2 UDB LUW Certified V7-V8-V9-V9.7-V10.1-V10.5 DB Admin - Advanced DBA -Dprop..
    Information Server Datastage Certified
    http://www.infocura.be

  3. #3
    Join Date
    May 2012
    Posts
    155
    Hallo przytula_guy,

    thanks for the quick respond.

    I run:

    ratna@ratnaslaptop:~$ db2 "get snapshot for database on sample"
    SQL1092N "RATNA" does not have the authority to perform the requested command or operation.

    In fact, weeks a ago, the user db2inst1 has granted the user RATNA the privilege SYSADM. So, RATNA should be able to run the get snapshot command? Because in the documentation, it is stated that one of the following authorization is required:
    SYSADM, SYSCTRL, SYSMAINT, SYSMON

    If I run the command db2 "get snapshot for database on sample" from the user db2inst1, it works. But there are no informations regarding the user RATNA.

    What could be the problem here? Thank you very much.

    Regards,
    Ratna

  4. #4
    Join Date
    May 2012
    Posts
    155
    Hallo przytula_guy,

    It works. I found out that the Handle-ID from the user Ratna is 17. So I run this command from the USER db2inst1:

    db2 "get snapshot for application agentid 17"

    It gave me the informations I wanted:

    User authority:
    DBADM authority
    CREATETAB authority
    CONNECT authority
    DATAACCESS authority
    ACCESSCTRL authority

    Group authority:
    CREATETAB authority
    BINDADD authority
    CONNECT authority
    IMPLICIT_SCHEMA authority

    I have to be honest: I havent understood very well regarding the group. As RATNA was not created explicitely, just has been granted the authorities, I never had to deal with the term "groups". That s why I would like to ask you:
    Since RATNA just got authorities granted from db2inst1, would RATNA still be placed defaultly in some groups? I know these groups:
    db2iadm1
    db2fadm1
    dasadm1

    Thank you for your help.

    Regards,
    Ratna

  5. #5
    Join Date
    Apr 2006
    Location
    Belgium
    Posts
    2,514
    Provided Answers: 11
    userid-group relation is handled by o/s
    if a user belongs to the sysadm-group he will be sysadm
    not by granting sysadm = not possible
    "the user db2inst1 has granted the user RATNA the privilege SYSADM" : which command ??
    Best Regards, Guy Przytula
    Database Software Consultant
    Good DBAs are not formed in a week or a month. They are created little by little, day by day. Protracted and patient effort is needed to develop good DBAs.
    Spoon feeding : To treat (another) in a way that discourages independent thought or action, as by overindulgence.
    DB2 UDB LUW Certified V7-V8-V9-V9.7-V10.1-V10.5 DB Admin - Advanced DBA -Dprop..
    Information Server Datastage Certified
    http://www.infocura.be

  6. #6
    Join Date
    May 2012
    Posts
    155
    "the user db2inst1 has granted the user RATNA the privilege SYSADM" : which command ??

    Sorry, I have misswritten it. RATNA just have been granted to the privilege DBADM. Sorry...

    You wrote:
    if a user belongs to the sysadm-group he will be sysadm

    Does it mean, if db2inst1 grants SYSADM to ratna, then ratna will be automatically placed in the group db2iadm1 ?

    Or alternatively asking:
    Is there a relation between SYSADM and the group db2iadm1?
    If I put ratna with the linux command: useradd -u 1004 -g db2iadm1 -m -d /home/db2inst1 ratna
    What privileges would ratna have after this command? Receiving SYSADM privilege?

    Thank you for your time.

    Regards,
    Ratna

  7. #7
    Join Date
    Apr 2006
    Location
    Belgium
    Posts
    2,514
    Provided Answers: 11
    if in the dbm cfg : sysadm_group is specified as db2iadm1
    add user aa to this group db2iadm1 (with os command)
    user aa will be sysadm
    Best Regards, Guy Przytula
    Database Software Consultant
    Good DBAs are not formed in a week or a month. They are created little by little, day by day. Protracted and patient effort is needed to develop good DBAs.
    Spoon feeding : To treat (another) in a way that discourages independent thought or action, as by overindulgence.
    DB2 UDB LUW Certified V7-V8-V9-V9.7-V10.1-V10.5 DB Admin - Advanced DBA -Dprop..
    Information Server Datastage Certified
    http://www.infocura.be

  8. #8
    Join Date
    May 2012
    Posts
    155
    in my configuration:

    SYSADM group name (SYSADM_GROUP) = DB2IADM1

    omg, you are so good.. how long have you been in the db2 field?

    Thank you so much..

    Regards,
    Ratna

  9. #9
    Join Date
    Apr 2006
    Location
    Belgium
    Posts
    2,514
    Provided Answers: 11
    since 30 years. I started with sql/ds on vm/vse v1.1.1
    Best Regards, Guy Przytula
    Database Software Consultant
    Good DBAs are not formed in a week or a month. They are created little by little, day by day. Protracted and patient effort is needed to develop good DBAs.
    Spoon feeding : To treat (another) in a way that discourages independent thought or action, as by overindulgence.
    DB2 UDB LUW Certified V7-V8-V9-V9.7-V10.1-V10.5 DB Admin - Advanced DBA -Dprop..
    Information Server Datastage Certified
    http://www.infocura.be

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •