DB2权限管理(3)

SYSCTRL group name (SYSCTRL_GROUP) =

[db2inst1@O11g64 ~]$ db2 update dbm cfg using SYSCTRL_GROUP db2ctlgrp DB20000I The UPDATE DATABASE MANAGER CONFIGURATION command completed successfully. SQL1362W One or more of the parameters submitted for immediate modification were not changed dynamically. Client changes will not be effective until the next time the application is started or the TERMINATE command has been issued. Server changes will not be effective until the next DB2START command.
db2stop db2start
[db2inst1@O11g64 ~]$ db2 get dbm cfg|grep "SYSCTRL" SYSCTRL group name (SYSCTRL_GROUP) = DB2CTLGRP

2.授与用户权限 db2 connect to xcldb

db2 "grant dbadm on database to user db2ctlusr"

db2 connect reset

3.收回权限

db2 connect to xcldb db2 " revoke dbadm on database from user db2ctlusr " db2 connect reset

常见问题 : 报SQL5001N错误: 原因是需要SYSADM权限才能更改数据库管理器配置文件 使用下面命令查出组 [db2inst1@O11g64 ~]$ db2 get dbm cfg|grep "SYSADM" SYSADM group name (SYSADM_GROUP) = DB2IADM1 进入此组下的用户,再去执行更新权限 [root@O11g64 bin]# id db2inst1 uid=1051(db2inst1) gid=1010(db2iadm1) groups=1010(db2iadm1),1020(db2fadm1)

[root@O11g64 bin]# ./db2 update dbm cfg using SYSCTL_GROUP db2ctlgrp SQL0104N An unexpected token "SYSCTL_GROUP" was found following "USING". Expected tokens may include: "AGENTPRI". SQLSTATE=42601

其它的 -- public是全部用户 grant select on emp to group db2ctlgrp2
查询 -- 所有与权限相关的系统表 db2 " select substr(tabname,1,20) from syscat.tables where tabschema='SYSCAT' and tabname like '%AUTH' "; db2 " select * from DBAUTH"

角色 create role myrole grant select on table vacation to rle myrole grant role myrole to user myusr1,user myus2 revoke role myrole from user myusr1;
-- 用户可以授予或撤消其它人角色,这个到和Oracle一个样 grant role myrole to user myusr1 with admin option


还有更细粒度的访问控制,基于标签的访问控制(LBAC) 工作原理是在 行级,列级或行列同时设置 安全性标签,以便特定用户 是否可以访问一个表中的某些行或列.
这个好像没用上,不深究了.