IBM VERSION 9 manual UNIX platforms, Related concepts, Related reference


UNIX platforms

A valid DB2 database user name that belongs to the primary group of the instance owner.

SYSADM privileges are the most powerful set of privileges available within the DB2 database manager. As a result, you might not want all of these users to have SYSADM privileges by default. The DB2 database manager provides the administrator with the ability to grant and revoke privileges to groups and individual user IDs.

By updating the database manager configuration parameter sysadm_group, the administrator can control which group of users possesses SYSADM privileges. You must follow the guidelines below to complete the security requirements for both the DB2 database installation and the subsequent instance and database creation.

Any group defined as the system administration group (by updating sysadm_group) must exist. The name of this group should allow for easy identification as the group created for instance owners. User IDs and groups that belong to this group have system administrator authority for their respective instances.

The administrator should consider creating an instance owner user ID that is easily recognized as being associated with a particular instance. This user ID should have as one of its groups the name of the SYSADM group created above. Another recommendation is to use this instance-owner user ID only as a member of the instance owner group and not to use it in any other group. This should control the proliferation of user IDs and groups that can modify the instance, or any object within the instance.

The created user ID must be associated with a password to provide authentication before being permitted entry into the data and databases within the instance. The recommendation when creating a password is to follow your organization’s password naming guidelines.

Note: To avoid accidentally deleting or overwriting instance configuration or other files, administrators should consider using another user account, which does not belong to the same primary group as the instance owner, for day-to-day administration tasks that are performed on the server directly.
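The guidelines above can be checked mechanically. The following script is an added example, not part of the IBM manual: it audits text in the layout printed by `db2 get dbm cfg` against passwd and group files. The names db2inst1 and db2iadm1, the function names, and all sample data are constructed, and it assumes group names on the host are lower case.

```shell
#!/bin/sh
# Added example; db2inst1, db2iadm1 and all sample data are constructed.
sample_cfg() {    # excerpt in the layout printed by `db2 get dbm cfg`
  printf '%s\n' ' SYSADM group name        (SYSADM_GROUP) = DB2IADM1' \
                ' SYSCTRL group name      (SYSCTRL_GROUP) ='
}
sample_passwd() { # /etc/passwd format: name:x:uid:primary-gid:...
  printf '%s\n' 'db2inst1:x:1001:2001::/home/db2inst1:/bin/sh' \
                'alice:x:1002:100::/home/alice:/bin/sh'
}
sample_group() {  # /etc/group format: name:x:gid:secondary,members
  printf '%s\n' 'users:x:100:' 'db2iadm1:x:2001:alice' 'backup:x:2002:db2inst1'
}

# Print sysadm_group from dbm cfg text on stdin (assumes lower-case UNIX groups).
sysadm_group_of() {
  awk -F'= *' '/\(SYSADM_GROUP\)/ { print tolower($2) }' | tr -d ' \r'
}

# audit_sysadm OWNER CFG_FILE PASSWD_FILE GROUP_FILE -> one finding per line
audit_sysadm() {
  owner=$1 cfg=$2 pw=$3 gr=$4
  grp=$(sysadm_group_of < "$cfg")
  if [ -z "$grp" ]; then  # unset: default is the owner's primary group
    ogid=$(awk -F: -v o="$owner" '$1 == o { print $4 }' "$pw")
    grp=$(awk -F: -v id="$ogid" '$3 == id { print $1 }' "$gr")
    echo "INFO sysadm_group unset, default is primary group $grp"
  fi
  gid=$(awk -F: -v g="$grp" '$1 == g { print $3 }' "$gr")
  if [ -z "$gid" ]; then echo "FAIL group $grp does not exist"; return 1; fi
  # Everyone holding SYSADM: primary members (passwd) plus secondary (group)
  members=$(awk -F: -v id="$gid" '$4 == id { print $1 }' "$pw"
            awk -F: -v g="$grp" '$1 == g { n = split($4, m, ",")
              for (i = 1; i <= n; i++) print m[i] }' "$gr")
  for u in $members; do echo "SYSADM $u"; done
  echo "$members" | grep -qxF "$owner" || echo "FAIL $owner is not in $grp"
  # Recommendation: the instance owner ID belongs to no other group
  awk -F: -v o="$owner" -v g="$grp" '$1 != g { n = split($4, m, ",")
    for (i = 1; i <= n; i++) if (m[i] == o) print "WARN " o " also in " $1 }' "$gr"
}

demo() {  # run the audit over the constructed samples
  d=$(mktemp -d); sample_cfg > "$d/cfg"; sample_passwd > "$d/pw"
  sample_group > "$d/gr"; audit_sysadm db2inst1 "$d/cfg" "$d/pw" "$d/gr"
  rm -rf "$d"
}
demo
```

On the constructed samples the audit lists db2inst1 and alice as SYSADM holders and warns that the instance owner is also a member of the backup group.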

Related concepts:

• “General naming rules” in Administration Guide: Implementation
• “User, user ID and group naming rules” in Administration Guide: Implementation
• “Authentication” in Administration Guide: Planning
• “Authorization” in Administration Guide: Planning
• “Naming rules in a Unicode environment” in Administration Guide: Implementation
• “Naming rules in an NLS environment” in Administration Guide: Implementation
• “Location of the instance directory” in Administration Guide: Implementation
• “UNIX platform security considerations for users” in Administration Guide: Implementation
• “Windows platform security considerations for users” in Administration Guide: Implementation

Related reference:

• “Communications variables” in Performance Guide

Getting started with DB2 installation and administration
