Grant DB2 SECADM to userid from an existing LocalSystem (Windows) SECADM account

Technote (FAQ)


Question

How to grant SECADM to a userid if a LocalSystem account (Windows) currently holds DB2 SECADM authority?

Cause

In DB2 V9.7, Security administrator (SECADM) abilities have been extended. Only SECADM authority provides the ability to grant and revoke all authorities and privileges to other users.

Answer

For Windows XP/2003:

  • Start a command prompt (cmd.exe) window as LocalSystem by issuing 'at' command with a future time (say 1 min later)

    For example: C:\Documents and Settings\ at 16:35 /interactive cmd.exe
    Assuming current time as 16:34
  • In a new cmd.exe window, issue db2cmd
    Launches DB2 Command Window
  • Connect to DB2 database: db2 connect to <dbanme>
    It shows the auth id as SYSTEM (alternatively you can run whoami to verify)
  • Grant SECADM to a specific user:
    db2 GRANT SECADM on <dbname> to USER <user>

On Windows Kernel 6 or greater OS (Windows 7/2008 or similar), the interactive mode command fails with an error similar to this >at 16:38 /interactive cmd.exe

Warning: Due to security enhancements, this task will run at the time expected but not interactively.
Use schtasks.exe utility if interactive task is required ('schtasks /?' for details).
Added a new job with job ID = 1

In order to workaround this issue on Windows Kernel 6 or greater (includes Windows 7/2008/2008 R2 or similar), please follow the below procedure:

  • Download and install Windows utility called psexec.exe:
    http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
  • Open cmd.exe
  • Navigate to the location of psexec and ran the below command:
    PSEXEC -i -s -d db2cmd.exe
    You are now logged in as SYSTEM
  • Navigate to the location of db2cmd.exe.
  • Connect to DB2 database:
    db2 connect to dbname
  • Grant SECADM to a specific user:
    db2 GRANT SECADM on <dbname> to USER <user>

Related information

Security administration authority (SECADM)
GRANT statement

Rate this page:

(0 users)Average rating

Document information


More support for:

DB2 for Linux, UNIX and Windows
Administration - Authorization (Grant/Revoke privileges/authorities)

Software version:

9.7, 10.1, 10.5

Operating system(s):

Windows

Software edition:

Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server, Express, Personal, Workgroup Server

Reference #:

1633475

Modified date:

2014-02-17

Translate my page

Machine Translation

Content navigation