Several Db2 administrative
authorities provide the same functionality in Db2 for z/OS® and Db2 for Linux®, UNIX, and Windows. With these authorities, administrators who
manage Db2 on multiple operating
systems can manage their database environments in a consistent approach.
The following authorities provide the same administrative functionality in
Db2 for z/OS and
Db2 for Linux, UNIX, and Windows:
Table 1. Common Db2 administrative
authorities
| Administrative authority |
Capabilities |
| System DBADM |
- Manages resources in all databases
- Does not have access to data or the ability to grant and revoke privileges
- Executes system-defined routines (that is, stored procedures or functions) and any package
within the routines
- Has implicit SELECT access on all catalog tables
|
| SECADM |
- Controls access to all database resources
- Manages security-related objects (that is, roles, trusted contexts, row permissions, and column
masks)
- Grants and revokes explicit privileges that are granted by itself and others
- Has implicit SELECT access on all catalog tables
|
| ACCESSCTRL |
- Grants privileges on all but security-related objects and resources
- Revokes privileges on all but security-related objects and resources that are granted by itself
or others
- Does not grant the system DBADM, DATAACCESS, or ACCESSCTRL authority
- Has implicit SELECT access on all catalog tables
|
| DATAACCESS |
- Has the ability to access data in all user tables, views, and materialized query tables
- Has the ability to execute all plans, packages, functions, and procedures
- Has implicit SELECT access on all catalog tables
|
| SQLADM |
- Issues EXPLAIN SQL statements and PROFILE commands
- Executes RUNSTATS and MODIFY STATISTICS utilities on all user databases
- Performs tasks that require EXPLAIN and MONITOR2 privileges
- Executes system defined routines (that is, stored procedures or functions) and any package
executed within the routines
- Has implicit SELECT access on all the catalog tables
|
Db2 for z/OS provides both the system
DBADM authority and the DBADM authority, with each having a set of privileges. The system DBADM
authority allows you to manage objects in all databases across a Db2 subsystem, but doesn't give you access to the
data in the databases. In addition, with the system DBADM authority, you can perform administrative
tasks and issue commands for a Db2
subsystem, but you don't have the authority to execute objects or the ability to grant or revoke
privileges.
Unlike the system DBADM authority, the DBADM authority allows you to manage
objects in a specific database and gives you access to the data in that database. You also get the
privileges of the DBCTRL and DBMAINT authorities over the same database.