- All users are a member of the PUBLIC group.
- Only SYSADM/DBADM can grant/revoke the control privilege on the table/view/Nickname. GRANT/REVOKE ALL PRIVILEGE … syntax does not include CONTOL privilege. CONTROL privilege must be grant/revoke separately.
Instance level security only can be grant to the group
DBADM can be assigned to users or group. The user has DBADM authorities automatically has all the permission on the database objects except those been control by LBAC.
SECADM is designed to configure the LBAC.
LOAD is to allow user to bulked load data into table using either db2atld or LOAD command.
If control privilege been revoke from particular owner, all other privilege does not get automatically revoked but must be explicitly revoked,
If control privilege been revoke from particular owner, all other privilege does not get automatically revoked but must be explicitly revoked. View owner must has at least SELCT privilege on the base table. View owner only receive CONTROL privilege on the view if they also has CONTROL privilege on the base table .
Routine can be store procedure or user define function.
Server Privilege : For federation