Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 674
  • Last Modified:

Users & Schemas

1) I have DB2 EE 7.2.0 server installed on Win NT4/2000.

2) We have the following schemas listed in sample database of DB2 instance:
DB2ADMIN, DB2DBG, NULLID, SYSCAT, SYSFUN, SYSIBM & SYSSTAT. These are for grouping of objects.

3) We have the following DB Users: DB2ADMIN and DB Groups: PUBLIC & ADMINISTRATORS. I believe that DB2ADMIN belongs to ADMINISTRATORS group.

4) Also when a user creates the first object a corresponding schema is created.

5) DB2ADMIN created DB2ADMIN. Who created the rest of the schemas. Do they belong to group PUBLIC. We can only use them with dot operator to access their objects while connected to DB2ADMIN. Or we can directly connect to them in some way.

6) If we create more users at OS level like db2admin giving the set of OS level 2+4 privileges, how can we use them i.e. in what all situations do we need to create more OS level users.

7) db2admin was invloved during installation. Other OS users created later on are independent of DB2 server. How do we associate them with it. Which objects do NULLID and DB2DBG group & what is the user that they map to.
1 Solution
If you knew how NULLID, SYSFUN, SYSIBM were created, I mean the exact code, then you would have an easy hack into the database. These schemas are created when you do CREATE DATABASE. You need not concern yourself with these schemas:
NULLID, the binder of all base packages for DB2.
SYSIBM, the schema owner of all the system catalog tables for which all the SYSTAT and SYSCAT tables are based. You cannot update, insert, delete from the SYSIBM schema tables.
DB2DBG are for the debug tables for Stored Procedure Builder.

If I am user Harry and connect to the database and issue:
create table harry, the fully qualified table name is HARRY.HARRY. I am the owner of the table and have control over the table. User Harry may grant control or specific privlidges to other users.
If you want all users to connect to the database with same username/password, you do not need more users at OS level.Please explain what 2+4 privileges mean.
k_murli_krishnaAuthor Commented:
Please have a look at my points 3) & 4) and give me confirmation. The 2+4 menas:
A user account that will be used to perform the installation. The account you are logged in as must:
A) Be defined locally
B) Belong to the Local Administrator's group
Have the following advanced user rights:
a) Act as part of the operating system
b) Create token object
c) Increase quotas
d) Replace a process level token

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now