Question & Answer
Question
Can I change the DB2 instance user account name 'db2admin' on Windows ?
Answer
Yes. If we want to change the default DB2 instance user account name 'db2admin' to other user name, we can do the following steps for change and check after the work.
1. Stop database instances and DAS
$ db2stop
$ db2admin stop
2. Create new account and set password.
For example, I used 'db2admin2' as user account on this page.
3. Add this new account to 'DB2ADMNS' and 'Administrators' roles in Windows Security administration.
4. Execute 'Start->Run and type 'services.msc'.
Then change the 'Log On As' attribute for all DB2 services from 'db2admin' to new account user name.
-
5. Check if new user has appropriate security policy and rights.
For the detail, refer the URL on this page.
(1) Click Start -> Run and type secpol.msc. On Windows 2008 and Windows Vista (or higher), click Start and type secpol.msc in the search bar. Click OK.
(2) Select Local Security Policy.
(3) In the left window pane, expand the Local Policies object, then select User Rights Assignment.
(4) In the right window pane, select the user right that you want to assign.
(5) From the menu, select Action -> Security...
(6) Click Add, then select a user or group to assign the right to, and click Add.
(7) Click OK
For example, you may need to give following right to the new user.
Act as part of the operating system
Debug programs
Create token object
Lock pages in memory
Log on as a service
Replace a process level token
This is the sample image capture of the work.
6. Reboot the operating system.
7. Compare the following results and check if those are same between the new user and old 'db2admin' user.
(1) SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID
SELECT * FROM TABLE (SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID('DB2ADMIN')) AS T;
SELECT * FROM TABLE (SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID('DB2ADMIN2')) AS T;
: It should have two groups 'DB2ADMNS' and 'ADMINISTRATORS'.
(2) SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID
SELECT AUTHORITY, D_USER, D_GROUP, D_PUBLIC, ROLE_USER, ROLE_GROUP, ROLE_PUBLIC, D_ROLE FROM TABLE (
SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID ('DB2ADMIN', 'U') ) AS T;
SELECT AUTHORITY, D_USER, D_GROUP, D_PUBLIC, ROLE_USER, ROLE_GROUP, ROLE_PUBLIC, D_ROLE FROM TABLE (
SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID ('DB2ADMIN2', 'U') ) AS T
(3) 'whoami /ALL' command output
(4) 'User Name' of db2sysc.exe on 'Windows Task Manager'
: It should be new account name.
Note that these are steps in DB2 perspective.
Therefore you need to consider other impact with this change if you use the DB2 as a bundle of other solution product or other applications use this account.
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21683454