A privilege allows a specific function, sometimes restricted to a specific object. An authority is a set of privileges that often cover a set of objects.
Privileges and authorities can be obtained implicitly or explicitly:
To provide a wide range of control, there are many privileges. Privileges can be easily divided according to the following objects or categories:
|
Category |
Includes |
|
|
|---|---|---|---|
|
Buffer pool |
USE |
|
|
|
Collection |
CREATEIN |
PACKADM |
|
|
Database |
CREATETAB |
DISPLAYDB |
REORG |
|
Distinct Type |
USAGE |
|
|
|
Function |
EXECUTE |
|
|
|
JAR File |
USAGE |
|
|
|
Package |
BIND |
EXECUTE |
|
|
Plan |
BIND |
EXECUTE |
|
|
Role |
Roles have no explicit privileges. They can only be owned. |
||
|
Schema |
ALTERIN |
CREATEIN |
DROPIN |
|
Sequence |
USAGE |
ALTER |
|
|
Storage group |
USE |
|
|
|
Stored Procedure |
EXECUTE |
|
|
|
System |
ACCESSCTRL |
CREATESG |
SQLADM |
|
Table |
ALTER |
INSERT |
UPDATE |
|
Table space |
USE |
|
|
|
Trusted context |
Trusted context have no explicit privilege. They can only be owned |
||
For more details about each of the privileges, see the IBM DB2 Administration Guide.
The DB2 authorities form a hierarchy in which the privileges of each authority include the privileges of all authorities below it in the hierarchy. The list includes the following authorities:
The following illustration shows the hierarchy of DB2 authorities.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|