We help IT Professionals succeed at work.

DELETE Permissions

Los Angeles1
Los Angeles1 asked
on
I performed the following command, and have a couple questions

db2 => select grantor, grantee, tcreator, ttname, deleteauth, insertauth from sysibm.systabauth where ttname = 'CATALOG'

GRANTOR                                                                                                                          GRANTEE                                                                                                                          TCREATOR                                                                                                                         TTNAME                                                                                                                           DELETEAUTH INSERTAUTH
-------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- ---------- ----------
SYSIBM                                                                                                                           DB2INST1                                                                                                                         DB2INST1                                                                                                                         CATALOG                                                                                                                          G          G
DB2INST1                                                                                                                         PUBLIC                                                                                                                           DB2INST1                                                                                                                         CATALOG                                                                                                                          Y          Y

  2 record(s) selected.

Open in new window

1> What does the value 'G' mean in the DELETEAUTH field

2> Does this mean db2inst1 has explicit DELETE permission

3> Does this mean db2inst1 has implicit DELETE permissions

4> What is the difference between GRANTOR, GRANTEE, and  TCREATOR

Thanks
Comment
Watch Question


1> What does the value 'G' mean in the DELETEAUTH field
it means with grant option. That the user who has the permission, can also grant it to others

2> Does this mean db2inst1 has explicit DELETE permission
not necessarily. When an object is created the owner automatically receives all permission and they are listed in this table

3> Does this mean db2inst1 has implicit DELETE permissions
maybe. see answer 2

4> What is the difference between GRANTOR, GRANTEE, and  TCREATOR

grantor is the one who gave the permission
grantee is the one who received the permission from the grant
tcreator is the schema of the object on which permissions were granted

Author

Commented:
How can I definitively determine if db2inst1 has DELETE permission on catalog ?
according to the output you attached, it does
not that it matters cause you can't issue delete statements against the catalog tables (at least not against most of them)

Author

Commented:
I dont quite understand, from your previous post:

2> Does this mean db2inst1 has explicit DELETE permission
not necessarily. When an object is created the owner automatically receives all permission and they are listed in this table

Open in new window


I do not understand why you said 'not necessarily'  So I am not sure why you say the catalog table (I created this one) has DELETE permissions.  Which field says it has DELETE PERMISSION
when deleteauth is g or y then the grantee has permissions to delete

by not necessarily i referred to the explicit part, not the permissions part

Explore More ContentExplore courses, solutions, and other research materials related to this topic.