System maintenance authority (SYSMAINT)

SYSMAINT authority is the second level of system control authority. This authority provides the ability to perform maintenance and utility operations against the database manager instance and its databases. These operations can affect system resources, but they do not allow direct access to data in the databases.

System maintenance authority is designed for users maintaining databases within a database manager instance that contains sensitive data.

SYSMAINT authority is assigned to the group specified by the sysmaint_group configuration parameter. If a group is specified, membership in that group is controlled outside the database manager through the security facility used on your platform.

Only a user with SYSMAINT or higher system authority can perform the following actions:
  • Back up a database or table space
  • Restore to an existing database
  • Perform roll forward recovery
  • Force users off the system
  • Start or stop an instance
  • Restore a table space
  • Run a trace, using the db2trc command
  • Take database system monitor snapshots of a database manager instance or its databases.
A user with SYSMAINT authority can perform the following actions:
  • Query the state of a table space
  • Update log history files
  • Quiesce a table space
  • Reorganize a table
  • Collect catalog statistics using the RUNSTATS utility.

Users with SYSMAINT authority also have the implicit privilege to connect to a database, and can perform the functions of users with system monitor authority (SYSMON).