Sets the permissions for DB2® database objects (for example, files, directories, network
shares, registry keys and services) on updated DB2 database system installations.
Command syntax
>>-db2extsec--+-----------------------+------------------------->
'-+-/u-----+--usergroup-'
'-/users-'
>--+-------------------------+--+-----------------------+------->
'-+-/a------+--admingroup-' '-/oldusers--oldusergrp-'
'-/admins-'
>--+------------------------+--+------------------+------------->
'-/oldadmins--oldadmngrp-' '-/file--inputfile-'
>--+----------+--+------------+--+-----------+-----------------><
'-/verbose-' '-+-/r-----+-' '-+-/h----+-'
'-/reset-' +-/help-+
'-?-----'
Command parameters
- /u | /users usergroup
- Specifies the name of the user group to be added. If this option
is not specified, the default DB2 user group (DB2USERS) is used. The usergroup can
be a local group or a domain group. To specify a local group, you
can specify the group name with or without the machine name. For example, DB2USERS, or MYWKSTN\DB2USERS. To specify
a domain group, you specify the usergroup in the
form of DOMAIN\GROUP. For example, MYDOMAIN\DB2USERS.
- /a | /admins admingroup
- Specifies the name of the administration group to be added. If
this option is not specified, the default DB2 administration group (DB2ADMNS) is used.
The admingroup can be a local group or a domain
group. To specify a local group, you can specify the group name with
or without the machine name. For example, DB2ADMNS, or MYWKSTN\DB2ADMNS. To specify a domain group,
you specify the admingroup in the form of DOMAIN\GROUP. For example, MYDOMAIN\DB2ADMNS.
- Note:
- The following 3 parameters, /oldusers, /oldadmins, and /file, are required
when you are changing the extended security group names and have file
or directory objects that have been created outside of the default
locations (that is, the install directory or database directories).
The db2extsec command can only change permissions
to a known set of DB2 files.
If the user had created private DB2 files with extended security, then the user will need to provide
the locations of these file, so the db2extsec command
can change the permissions on these files with the new extended security
group names. The location of the files are to be supplied in the inputfile using the /file option.
- /oldusers oldusergrp
- The old DB2 users group
name to be changed.
- /oldadmins oldadmngrp
- The old DB2 admins group
name to be changed.
- /file inputfile
- File listing additional files/directories for which the permissions
need to be updated.
- /verbose
- Output extra information.
- /r | /reset
- Specifies that the changes made by previously running db2extsec should be reversed. If you specify this option,
all other options are ignored. This option will only work if no other DB2 commands have been issued since
the db2extsec command was issued.
- /h | /help | ?
- Displays the command help information.
Examples
To enable extended security and
use the domain groups
mydom\db2users and
mydom\db2admns to protect your DB2 objects:
db2extsec /u mydom\db2users /a mydom\db2admns
To reset extended security to its previous setting (see the
preceding section on
/reset option):
db2extsec /reset
To enable extended security, but
also change the security group for the files/directories listed in
c:\mylist.lst from local group
db2admns and
db2users to domain groups
mydom\db2admns and
mydom\db2users:
db2extsec /users mydom\db2users /admins mydom\db2admns /oldadmins db2admns
/oldusers db2users /file c:\mylist.lst
Note: The format
of the input file is as follows:
* This is a comment
D:\MYBACKUPDIR
D:\MYEXPORTDIR
D:\MYMISCFILE\myfile.dat
* This is another comment
E:\MYOTHERBACKUPDIR * These are more comments
E:\MYOTHEREXPORTDIR