
db2v9-730-second chapter

 
Authentication is the first security feature you'll encounter when you attempt to
access a DB2 instance or database. DB2 authentication works closely with the
security features of the underlying operating system to verify user IDs and
passwords. DB2 can also work with security protocols like Kerberos to authenticate
users.
Authorization involves determining the operations that users and/or groups can
perform, and the data objects that they may access. A user's ability to perform
high-level database and instance management operations is determined by the
authorities that they have been assigned. The five different authority levels within
DB2 are SYSADM, SYSCTRL, SYSMAINT, DBADM, and LOAD.
Privileges are a bit more granular than authorities, and can be assigned to users
and/or groups. Privileges help define the objects that a user can create or drop.
They also define the commands that a user can use to access objects like tables,
views, indexes, and packages. New to DB2 9 is the concept of label-based access
control (LBAC), which allows more granular control of who can access individual
rows and/or columns.

I don't really understand the three paragraphs above!

2. How to change a password in DB2:
  db2 connect to sample user test1 using test1 new 0215 confirm 0215

3. db2 update dbm cfg using authentication server
   db2 update dbm cfg using authentication server_encrypt
   After each of these settings, you can run the following command to see the result:
   db2 connect to sample user test1 using test1

4. DB2 authorities control the following aspects of a database security plan:
• The authority level that a user is granted
• The commands that a user is allowed to run
• The data that a user is allowed to read and/or alter
• The database objects a user is allowed to create, alter, and/or drop

5. Of the five authorities available
in DB2, SYSADM, SYSCTRL and SYSMAINT are instance-level authorities. That
means that their scope includes instance-level commands as well as commands
against all the databases within the instance. These authorities can only be assigned
to a group; you can do so through the DBM CFG file.
The DBADM and LOAD authorities are assigned to a user or group for a particular
database. This can be done explicitly using the GRANT command.
6. Users can determine what authorities and database-level privileges they have by
issuing the following command:
db2 get authorizations

7. SYSADM users
are the only users allowed to update the DBM CFG file.
SYSADM authority is controlled in the DBM CFG file via the SYSADM_GROUP
parameter. When the instance is created, this parameter is set to Administrator on
Windows (although it appears blank if you issue the command db2 get dbm cfg).
On UNIX, it is set to the primary group of the user who created the instance.
Since SYSADM users are the only users allowed to update the DBM CFG, they are
also the only ones allowed to grant any of the SYS* authorities to other groups. The  authority to the group db2grp1:.
Remember, this change will not take effect until the instance is stopped and then
restarted. Also, keep in mind that if you are not currently logged in as a member of
db2grp1, you may not have authority to restart the instance! You would have to log
out and log back in with an ID in the correct group, or add your current ID to
db2grp1.
8. Obtaining SYSCTRL authority
Users with SYSCTRL authority can perform all administrative and maintenance
commands within the instance. However, unlike SYSADM users, they cannot access
any data within the databases unless they are granted the privileges required to do
so. Examples of commands a SYSCTRL user can perform against any database in
the instance are:
• db2start/db2stop
• db2 create/drop database
• db2 create/drop tablespace
• db2 backup/restore/rollforward database
• db2 runstats (against any table)
• db2 update db cfg for database dbname
A user with SYSADM authority can assign SYSCTRL to a group using the following
command:
db2 update dbm cfg using SYSCTRL_GROUP group name
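
The authentication setting from note 3 and the SYS*_GROUP parameters from notes 7 and 8 all live in the DBM CFG, so they can be reviewed together. The script below is an added example, not part of the original notes or of DB2: it assumes the "(PARAMETER) = value" line layout of db2 get dbm cfg output, and the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the authority/authentication lines of `db2 get dbm cfg`.
# Usage against a live instance (assumed): db2 get dbm cfg | audit_dbm_cfg

# Constructed sample in the "(PARAMETER) = value" layout; not real output.
sample_dbm_cfg() {
cat <<'EOF'
 Database manager authentication        (AUTHENTICATION) = SERVER
 SYSADM group name                        (SYSADM_GROUP) = DB2GRP1
 SYSCTRL group name                      (SYSCTRL_GROUP) = DB2GRP1
 SYSMAINT group name                    (SYSMAINT_GROUP) =
EOF
}

# Reads dbm cfg text on stdin, prints one INFO/WARN finding per line.
audit_dbm_cfg() {
  awk '
    # Collect every "(PARAMETER) = value" pair; the value may be empty.
    match($0, /\([A-Z0-9_]+\) *=/) {
      key = substr($0, RSTART + 1, RLENGTH)
      sub(/\).*/, "", key)
      val = substr($0, RSTART + RLENGTH)
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      cfg[key] = toupper(val); seen[key] = 1
    }
    END {
      auth = cfg["AUTHENTICATION"]
      if (auth == "SERVER")
        print "WARN AUTHENTICATION=SERVER: password is not encrypted in transit; use SERVER_ENCRYPT"
      else
        print "INFO AUTHENTICATION=" auth
      n = split("SYSADM_GROUP SYSCTRL_GROUP SYSMAINT_GROUP", g, " ")
      for (i = 1; i <= n; i++) {
        p = g[i]
        if (!(p in seen))        print "WARN " p " not found in input"
        else if (cfg[p] == "")   print "INFO " p " is blank"
        else if (i > 1 && cfg[p] == cfg["SYSADM_GROUP"])
          print "WARN " p "=" cfg[p] " is the same group as SYSADM_GROUP"
        else                      print "INFO " p "=" cfg[p]
      }
    }'
}

sample_dbm_cfg | audit_dbm_cfg
```

A SYSCTRL or SYSMAINT group that equals SYSADM_GROUP is flagged because its members then hold full SYSADM authority, which removes the separation the lower authorities are meant to provide.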

9. Obtaining SYSMAINT authority
The commands that a user with SYSMAINT authority can issue are a subset of
those allowed to users with SYSCTRL authority. SYSMAINT users can only perform
tasks related to maintenance, such as:
• db2start/db2stop
• db2 backup/restore/rollforward database
• db2 runstats (against any table)
• db2 update db cfg for database dbname
Notice that users with SYSMAINT cannot create or drop databases or tablespaces.
They also cannot access any data within the databases unless they are granted the
explicit privileges required to do so.
If you have SYSADM authority, you can assign SYSMAINT authority to a group

10. Obtaining DBADM authority
DBADM authority is a database-level authority rather than an instance-level
authority. In summary, DBADM users have complete control over a database --
almost. DBADM users cannot perform such maintenance or administrative tasks as:
• drop database
• drop/create tablespace
• backup/restore database
• update db cfg for database db name
However, they can perform the following tasks:
• db2 create/drop table
• db2 grant/revoke (any privilege)
• db2 runstats (any table)
DBADM users are also automatically granted all privileges to the database objects
and their contents. Since DBADM authority is a database-level authority, it can be
assigned to both users and groups. The following commands illustrate different ways
in which you can give DBADM authority.
• db2 create database test
This command gives implicit DBADM authority on the database named
test to the user who issued the command.
• db2 connect to sample
db2 grant dbadm on database to user tst1
This command can only be issued by SYSADM users; it issues DBADM
authority to the user tst1 on the sample database. Note that the issuing
user must be connected to the sample database before granting DBADM
authority.
• db2 grant dbadm on database to group db2grp1
This command grants DBADM authority to everyone in the group
db2grp1. Again, only SYSADM users can issue this command.

11. Obtaining LOAD authority


LOAD authority is also considered a database-level authority, and can therefore be
granted to both users and groups. As the name implies, LOAD authority allows users
to issue the LOAD command against a table. The LOAD command is typically used
as a faster alternative to insert or import commands when populating a table with
large amounts of data. Depending on the type of LOAD you wish to perform, having
LOAD authority alone may not be sufficient. Specific privileges on the table may also
be required.
The following commands can be run by users with LOAD authority:
• db2 quiesce tablespaces for table
• db2 list tablespaces
• db2 runstats (any table)
• db2 load insert (must have insert privilege on table)
• db2 load restart/terminate after load insert (must have
insert privilege on table)
• db2 load replace (must have insert and delete privilege on table)
• db2 load restart/terminate after load replace (must have
insert and delete privilege on table)
Only users with either SYSADM or DBADM authority are permitted to grant or
revoke LOAD authority to users or groups. The following examples illustrate how
LOAD authority can allow our user to LOAD data into a table called sales. Assume
that the command db2 connect to sample has already been issued.
• db2 grant load on database to user tst1
db2 grant insert on table sales to user tst1
With LOAD authority and insert privilege, tst1 could issue a LOAD
INSERT or a LOAD RESTART, or TERMINATE after a LOAD INSERT
against the sales table.
• db2 grant load on database to group grp1
db2 grant delete on table sales to group grp1
db2 grant insert on table sales to group grp1
With LOAD authority, as well as delete and insert privileges, any member
of grp1 could issue a LOAD REPLACE or a LOAD RESTART, or
TERMINATE after a LOAD REPLACE against the sales table.