DB2 Version 10.1 for Linux, UNIX, and Windows

Windows LocalSystem account support

On Windows platforms, the DB2® database system supports applications running under the context of the LocalSystem account (LSA) with local implicit connection. The authorization ID for the LocalSystem account is SYSTEM. If you are using a non-English version of a Windows operating system, you need to check that the authorization ID for the LocalSystem account does not have an invalid character. For example, if you are using a French version of a Windows operating system, the LocalSystem account is Système, but you cannot use this account as an authorization ID because it has an invalid character, è.

The LocalSystem account is considered a system administrator (holding SYSADM authority) when the sysadm_group database manager configuration parameter is set to NULL.

If there is a need for applications running under the context of the LocalSystem account to perform database actions that are not within the scope of SYSADM, you must grant the LocalSystem account the required database privileges or authorities. For example, if an application requires database administrator capabilities, grant the LocalSystem account DBADM authority using the GRANT (Database Authorities) statement.

Developers writing applications to be run under this account need to be aware that the DB2 database system has restrictions on objects with schema names starting with "SYS". Therefore if your applications contain DDL statements that create DB2 database objects, they should be written such that:

Group information for the LocalSystem account is gathered at the first group lookup request after the DB2 database instance is started and is not refreshed until the instance is restarted.

Related concepts:
General naming rules
Related reference:
sysadm_group - System administration authority group name configuration parameter