Sunday, June 9, 2013

DB2 Security 101

  • All users are a member of the PUBLIC group.
  • Only SYSADM/DBADM can grant or revoke the CONTROL privilege on a table, view, or nickname. The GRANT/REVOKE ALL PRIVILEGES … syntax does not include the CONTROL privilege; CONTROL must be granted or revoked separately.

DB2 Authorities

Instance-level authorities can be granted only to groups.

  • SYSADM
  • SYSCTRL
  • SYSMAINT
  • SYSMON

  • DBADM
  • SECADM
  • LOAD

DBADM can be assigned to users or groups. A user with DBADM authority automatically has all permissions on the database objects, except those controlled by LBAC (label-based access control).

SECADM is designed to configure LBAC.

LOAD allows a user to bulk load data into a table using either db2atld or the LOAD command.

DB2 Privilege

Database privilege

  • CONNECT
  • QUIESCE_CONNECT
  • IMPLICIT_SCHEMA
  • CREATETAB
  • BINDADD
  • CREATE_EXTERNAL_ROUTINE
  • CREATE_NOT_FENCED_ROUTINE
  • LOAD

Schema privilege

  • CREATEIN
  • ALTERIN
  • DROPIN

Table Privilege

If the CONTROL privilege is revoked from a particular owner, the other privileges are not automatically revoked; they must be revoked explicitly.

  • CONTROL
  • SELECT
  • INSERT
  • UPDATE
  • DELETE
  • INDEX
  • REFERENCES
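
The two CONTROL rules above (ALL does not include CONTROL, and revoking CONTROL leaves the other privileges in place) can be checked against the SYSCAT.TABAUTH catalog view. This is an added example, not part of the original post; the schema APP, table ORDERS and user ALICE are assumed names, and the statements are run by a SYSADM/DBADM user.

```sql
-- Added example. APP.ORDERS and ALICE are constructed names (assumptions).
-- Run as a user holding SYSADM or DBADM, since only they can grant CONTROL.

-- Step 1: grant "everything" with the ALL syntax.
GRANT ALL PRIVILEGES ON TABLE APP.ORDERS TO USER ALICE;

-- Step 2: inspect what ALICE holds. Compare CONTROLAUTH with the other
-- *AUTH columns to see that ALL did not carry CONTROL along with it.
SELECT GRANTEE, GRANTEETYPE, CONTROLAUTH,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH,
       INDEXAUTH, REFAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'APP'
   AND TABNAME   = 'ORDERS'
   AND GRANTEE   = 'ALICE';

-- Step 3: CONTROL has to be granted on its own.
GRANT CONTROL ON TABLE APP.ORDERS TO USER ALICE;

-- Step 4: take CONTROL away again. This statement touches CONTROL only.
REVOKE CONTROL ON TABLE APP.ORDERS FROM USER ALICE;

-- Step 5: rerun the Step 2 query. The remaining *AUTH columns show the
-- privileges that survived the REVOKE CONTROL and still need cleanup.
SELECT GRANTEE, GRANTEETYPE, CONTROLAUTH,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH,
       INDEXAUTH, REFAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'APP'
   AND TABNAME   = 'ORDERS'
   AND GRANTEE   = 'ALICE';

-- Step 6: remove the remaining privileges explicitly.
REVOKE ALL PRIVILEGES ON TABLE APP.ORDERS FROM USER ALICE;

-- Review query: every grantee on the table, including PUBLIC, which
-- all users belong to, so a PUBLIC row applies to everyone.
SELECT GRANTEE, GRANTEETYPE, CONTROLAUTH,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'APP'
   AND TABNAME   = 'ORDERS'
 ORDER BY GRANTEE;
```

When removing a user's access to a table, running the Step 5 query after the REVOKE CONTROL is the check that catches privileges left behind.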

View Privilege

If the CONTROL privilege is revoked from a particular owner, the other privileges are not automatically revoked; they must be revoked explicitly. The view owner must have at least the SELECT privilege on the base table. The view owner receives the CONTROL privilege on the view only if they also have the CONTROL privilege on the base table.

  • CONTROL
  • SELECT
  • INSERT
  • UPDATE
  • DELETE

Index privilege

  • CONTROL

Sequence Privilege

  • USAGE
  • ALTER

Routine privilege

A routine can be a stored procedure or a user-defined function.

  • EXECUTE

Package privilege

  • CONTROL
  • BIND
  • EXECUTE

Server privilege (for federation)

  • PASSTHRU

Nickname privilege

  • CONTROL
  • ALTER
  • SELECT
  • INSERT
  • UPDATE
  • DELETE
  • INDEX
  • REFERENCES
