Administrative authorities
Within Db2, privileges are grouped into administrative authorities, and each administrative authority is vested with a specific set of privileges.
The following table lists all of the Db2 for z/OS® administrative authorities and the grantable privileges that each of them has.
Authority | Included authorities | Additional grantable privileges |
---|---|---|
ACCESSCTRL | None | Privileges on all catalog tables: SELECT
Privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):DELETE INSERT UPDATE
Privileges on security:GRANT REVOKE
|
DATAACCESS | None | System privileges: DEBUGSESSION
Privileges on all user tables, views, and MQTs:DELETE INSERT SELECT UPDATE
Privileges on all plans, packages, and routines:EXECUTE
Privileges on all user databases:LOAD RECOVERDB REORG REPAIR
Privileges on all JARs:USAGE
Privileges on all sequences:USAGE
Privileges on all distinct types:USAGE
Privileges on all catalog tables:SELECT
Privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):DELETE INSERT UPDATE
|
DBADM | DBCTRL, DBMAINT | Privileges on tables in a database: ALTER DELETE INDEX INSERT REFERENCES SELECT TRIGGER UPDATE DROP
|
DBCTRL | DBMAINT | Privileges on a database: DROP LOAD RECOVERDB
REORG REPAIR |
DBMAINT | None | Privileges on a database: CREATETAB CREATETS DISPLAYDB IMAGCOPY
STATS STARTDB STOPDB |
Installation SYSADM | SYSADM, SYSCTRL, DBADM, Installation SYSOPR, SYSOPR, PACKADM, DBCTRL, DBMAINT, SECADM, System DBADM, SQLADM, ACCESSCTRL, DATAACCESS | Privileges on security: GRANT REVOKE
|
Installation SYSOPR | SYSOPR | System privileges:![]() STARTDB (cannot alter access mode) ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
PACKADM | None | Privileges on a collection: CREATEIN
Privileges on all packages in a collection:BIND COPY EXECUTE
|
SECADM | ACCESSCTRL | Privileges on all catalog tables: SELECT
Privileges on all updatable catalog tables:DELETE INSERT UPDATE
Privileges on security:GRANT REVOKE
Privileges on security-related objects:ALTER CREATE DROP
|
SQLADM | None | System privileges: EXPLAIN MONITOR1 MONITOR2
Privileges on system-defined packages and routines:EXECUTE
Privileges on all catalog tables:SELECT
Privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):DELETE INSERT UPDATE
![]() ![]() ![]() ![]() |
SYSADM | ![]() ![]() ![]() ![]() |
Privileges on all plans: EXECUTE
Privileges on all routines:EXECUTE
Privileges on all packages:All privileges
Privileges on distinct types:USAGE
Privileges on sequences:USAGE
System privileges:DEBUGSESSION
EXPLAIN privilege |
SYSCTRL | ![]() ![]() |
System privileges: BINDADD BINDAGENT BSDS
Privileges on all tables:CREATEALIAS CREATEDBA CREATEDBC CREATESG CREATETMTAB MONITOR1 MONITOR2 STOSPACE ALTER INDEX REFERENCES TRIGGER
Privileges on all catalog tables:SELECT
Privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):DELETE INSERT UPDATE
Privileges on all plans:BIND
Privileges on all packages:BIND COPY
Privileges on all collections:CREATEIN
Privileges on all schemas:ALTERIN CREATEIN DROPIN
Privileges on use:BUFFERPOOLS STOGROUP TABLESPACE
|
SYSOPR | None | Privileges: DISPLAY RECOVER STOPALL TRACE
Privileges on routines:DISPLAY START STOP
|
System DBADM | SQLADM | System privileges: BINDADD BINDAGENT CREATEALIAS
Privileges on all collections:CREATEDBA CREATEDBC CREATETMTAB DISPLAY EXPLAIN MONITOR1 MONITOR2 SQLADM STOPALL TRACE CREATEIN
Privileges on all user databases:CREATETAB CREATETS DISPLAYDB
Privileges on all user tables (except for those defined with row permissions or column masks):DROP IMAGCOPY RECOVERDB STARTDB ![]() ![]() ALTER INDEX REFERENCES TRIGGER
Privileges on all packages:BIND COPY
Privileges on all plans:BIND
|
System DBADM (continued) | SQLADM | Privileges on system-defined packages and routines: EXECUTE
Privileges on all schemas:ALTERIN CREATEIN DROPIN
Privileges on all sequences:ALTER
Privileges on all distinct types:USAGE
Privileges on use:TABLESPACE
Privileges on all catalog tables:SELECT
Privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):DELETE INSERT UPDATE
|
Note: