DB2五种管理权限
SYSADM, SYSCTRL SYSMAINT DBADM and LOAD
前三个权限是instance-level,and can only be assigned to a group and are done
so through the Database Manager Configuration file.
后两个权限是database-level,are assigned to a user or group for a particular
database.
>SYSADM
SYSADM authority in DB2 is comparable to root authority on UNIX or
Administrator authority on Windows. Users with SYSADM authority are able to
issue any DB2 commands against that DB2 instance, any databases within the
instance, and any objects within those databases.
SYSADM users are the only users allowed to update the Database Manager
Configuration (DBM CFG) file.
>SYSCTRL
Users with SYSCTRL authority can perform all administrative and maintenance
commands within the instance. However, unlike SYSADM users, they cannot
access any data within the databases unless they are granted the
privileges required to do so.
Examples of commands a SYSCTRL user can perform against any database in the
instance are:
· db2start/db2stop
· db2 create/drop database
· db2 create/drop tablespace
· db2 backup/restore/rollforward database
· db2 runstats (against any table)
· db2 update db cfg for database dbname
SYSMAINT
a user with SYSMAINT authority can issue are a subset of those allowed
for SYSCTRL authority -- just the tasks that are considered "maintenance"
related. The following are examples:
· db2start/db2stop
· db2 backup/restore/rollforward database
· db2 runstats (against any table)
· db2 update db cfg for database dbname
Notice that users with SYSMAINT cannot create or drop databases or
tablespaces. They also cannot access any data within the databases unless
they are granted the privileges required to do so.
DBADM
DBADM users have complete control over the database.
DBADM users cannot perform any maintenance or administrative tasks like drop
database, drop/create tablespace, backup/restore database.
They can however do the following:
· db2 create/drop table
· db2 grant/revoke (any privilege)
· db2 runstats (any table)
DBADM users are also automatically granted all privileges to the database
objects and their contents. Since DBADM authority is a database-level
authority, it can be assigned to both users and groups.
LOAD
This authority is new to DB2 Version 7. As the name implies, LOAD authority
allows users to issue the LOAD command against a table.
The following commands can be run by users with LOAD authority:
· db2 quiesce tablespaces for table
· db2 list tablespaces
· db2 runstats (any table)
· db2 load insert (must have insert privilege on table)
· db2 load restart/terminate after load insert (must have insert privilege
on table)
· db2 load replace (must have insert and delete privilege on table)
· db2 load restart/terminate after load replace (must have insert and
delete privilege on table)
另外:Only users with either SYSADM or DBADM authority are permitted to
grant or revoke LOAD authority to users or groups.
阅读(3524) | 评论(0) | 转发(0) |
