Administrative authorities
Within DB2®, privileges are grouped into administrative authorities, and each administrative authority is vested with a specific set of privileges.
The following table lists all of the DB2 for z/OS® administrative authorities and the grantable privileges that each of them has.
Authority | Included authorities | Additional grantable privileges |
---|---|---|
ACCESSCTRL | None | Privileges on all catalog tables:
Privileges
on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):
Privileges
on security:
|
DATAACCESS | None | System privileges:
Privileges
on all user tables, views, and MQTs:
Privileges
on all plans, packages, and routines:
Privileges
on all user databases:
Privileges
on all JARs:
Privileges on all sequences:
Privileges
on all distinct types:
Privileges on all
catalog tables:
Privileges on updatable
catalog tables (except SYSIBM.SYSAUDITPOLICIES):
|
DBADM | DBCTRL, DBMAINT | Privileges on tables in a database:
|
DBCTRL | DBMAINT | Privileges on a database:
|
DBMAINT | None | Privileges on a database:
|
Installation SYSADM | SYSADM, SYSCTRL, DBADM, Installation SYSOPR, SYSOPR, PACKADM, DBCTRL, DBMAINT, SECADM, System DBADM, SQLADM, ACCESSCTRL, DATAACCESS | Privileges on security:
|
Installation SYSOPR | SYSOPR | System
privileges:
|
PACKADM | None | Privileges on a collection:
Privileges
on all packages in a collection:
|
SECADM | ACCESSCTRL | Privileges on all catalog tables:
Privileges
on all updatable catalog tables:
Privileges
on security:
Privileges
on security-related objects:
|
SQLADM | None | System
privileges:
Privileges on system-defined
packages and routines:
Privileges on all catalog
tables:
Privileges on updatable catalog tables (except
SYSIBM.SYSAUDITPOLICIES):
|
SYSADM | SYSCTRL, DBADM, Installation SYSOPR (except accessing DB2 when the subsystem is started with ACCESS(MAINT)), SYSOPR, PACKADM, DBCTRL, DBMAINT, SECADM, System DBADM, SQLADM, ACCESSCTRL, DATAACCESS | Privileges on all plans:
Privileges
on all routines:
Privileges on all
packages:
Privileges on distinct
types:
Privileges on sequences:
System
privileges:
EXPLAIN privilege |
SYSCTRL | Installation SYSOPR (except accessing DB2 when the subsystem is started with ACCESS(MAINT)), SYSOPR, DBCTRL, DBMAINT, ACCESSCTRL (except the ability to grant certain authorities, such as DBADM, SYSADM, PACKADM, and certain privileges, such as DELETE, INSERT, SELECT, and UPDATE on user tables or views, EXECUTE on plans, packages, functions, or stored procedures, PACKADM on collections, and USAGE on distinct types, JARs, and sequences) | System privileges:
Privileges on all tables:
Privileges
on all catalog tables:
Privileges on
updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES):
Privileges
on all plans:
Privileges on all packages:
Privileges
on all collections:
Privileges on
all schemas:
Privileges
on use:
|
SYSOPR | None | Privileges:
Privileges
on routines:
|
System DBADM | SQLADM | System
privileges:
Privileges
on all collections:
Privileges on all user
databases:
Privileges
on all user tables (except for those defined with row permissions or column
masks):
Privileges on all
packages:
Privileges on all
plans:
Privileges on system-defined packages and
routines:
Privileges on all
schemas:
Privileges on all
sequences:
Privileges on all distinct
types:
Privileges on use:
Privileges on
all catalog tables:
Privileges on updatable catalog tables (except
SYSIBM.SYSAUDITPOLICIES):
|