DB2 authorities list:
Function | SYSADM | SYSCTRL | SYSMAINT | SYSMON | SECADM | DBADM | Description |
Update Database Manager Configuration parameters | √ | Modify instance configuration parameters |
Grant/revoke DBADM authority | √ | Grant or revoke DBADM authority |
Establish/change SYSCTRL authority | √ | Create or change SYSCTRL authority |
Establish/change SYSMAINT authority | √ | Create or change SYSMAINT authority |
Force users off the database | √ | √ | Forcibly end user connections |
Create/drop databases | √ | √ | Create or drop databases |
Restore to new database | √ | √ | Restore as a new database |
Update database configuration parameters | √ | √ | √ | Change database configuration parameters |
Back up databases/table spaces | √ | √ | √ | Back up databases or table spaces |
Restore to existing database | √ | √ | √ | Restore an existing database |
Perform roll forward recovery | √ | √ | √ | Perform a roll-forward operation (recovery) |
Start/stop instances | √ | √ | √ | Start and stop instances |
Restore table spaces | √ | √ | √ | Restore table spaces |
Run traces | √ | √ | √ | Run traces |
Obtain monitor snapshots | √ | √ | √ | √ | Obtain database snapshots |
Query table space states | √ | √ | √ | √ | Query table space states |
Prune log history files | √ | √ | √ | √ | Clear history records |
Quiesce table spaces | √ | √ | √ | √ | Quiesce table spaces |
Quiesce databases | √ | √ | Quiesce databases |
Quiesce instances | √ | √ | Quiesce instances |
Load tables | √ | √ | Load |
Set/unset check pending status | √ | √ |
Create/drop event monitors | √ | √ | √ | Create or drop event monitors |
Create/drop security label components | √ | Create or drop LBAC components |
Create/drop security policies | √ | Create or drop LBAC policies |
Create/drop security labels | √ | Create or drop LBAC |
Create/drop roles | √ | Create or drop LBAC roles |
Create/drop trusted contexts | √ | Create or drop LBAC trust |
Grant/revoke security labels | √ | Grant or revoke LBAC |
Grant/revoke LBAC rule exemptions | √ | Grant or revoke LBAC rule |
Grant/revoke setsessionuser privileges | √ |
Grant/revoke roles | √ |
Execute TRANSFER OWNERSHIP statement | √ | Change owner |
Privileges list:
DB2 Administrative Privileges
Object | Privilege | Description |
Index | CONTROL | Allows the user to have control on the index. This privilege is used on drop index only. |
Package | CONTROL | Allows the user to rebind, drop, and execute the package and grant package privileges to others. |
Package | BIND | Allows the user to bind or rebind the package or create a new version of the package. |
Package | EXECUTE | Allows the user to execute the package. |
Routine (function, procedure and method) | EXECUTE | Allows the user to execute the routine. |
Schema | ALTERIN | Allows the user to alter objects defined in that schema. |
Schema | CREATEIN | Allows the user to create objects defined in that schema. |
Schema | DROPIN | Allows the user to drop objects defined in that schema. |
Security label | ALL ACCESS | Allows the user read and write access with the security label. |
Security label | READ ACCESS | Allows the user read access with the security label. |
Security label | WRITE ACCESS | Allows the user write access with the security label. |
Sequence | USAGE | Allows the user to use NEXTVAL and PREVVAL expressions for the sequence. |
Sequence | ALTER | Allows the user to alter sequence properties using ALTER SEQUENCE statement. |
Server | PASSTHRU | Allows the user to access and use a specified data source in a pass-through mode in a federated environment. |
Tablespace | USE | Allows the user to create tables in a specified tablespace. |
Table, view, nickname, MQT, staging table | ALL | This keyword allows every available privilege, including CONTROL, to be granted to the user. The user has all rights to the object. |
Table, view, nickname, MQT, staging table | CONTROL | Gives the user all privileges on the table, view, MQT, staging table, or nickname, and the ability to grant those privileges to others (except CONTROL). |
Table, view, nickname, MQT, staging table | ALTER (table and nickname) | Allows the user to alter the definition of the table or the nickname. |
Table, view, nickname, MQT, staging table | DELETE | Allows the user to delete rows in the table, MQT, staging table, or updatable view. To delete a row from a nickname, the delete privilege on the nickname is required in addition to the required privilege at the data source for the delete operation. |
Table, view, nickname, MQT, staging table | INDEX (table and nickname) | Allows the user to create an index on a table or an index specification on a nickname. |
Table, view, nickname, MQT, staging table | INSERT | Allows the user to insert data into a table, an updatable view, an MQT, and a staging table and run the import utility against a table, an updatable view, an MQT, and a staging table. To insert or import into a nickname, the insert privilege on the nickname is required in addition to the required privilege at the data source for the delete operation. |
Table, view, nickname, MQT, staging table | REFERENCES (table) | Allows the user to create or drop a foreign key referencing the table as parent. |
Table, view, nickname, MQT, staging table | SELECT | Allows the user to retrieve data, create encapsulated objects such as a view referencing the table, and run the export utility against the object. |
Table, view, nickname, MQT, staging table | UPDATE | Allows the user to issue an update statement on the object. |
XSR object | USAGE | Allows the user to use the XML schema (XSR object). Currently, usage privilege on XSR objects can be granted only to PUBLIC. |
Exemption on one or all access rules for a specified LBAC security policy | EXEMPTION | Allows the user to access a protected table without the exempted rule being enforced. |
Setsessionuser | SETSESSIONUSER | Allows the user to use the SET SESSION AUTHORIZATION statement to set the session authorization ID to a specified authorization ID. |
There are actually two more diagrams, but they could not be copied over, so I will add them next time.