Certain users have SYSADM authority if
the sysadm_group database manager configuration
parameter is not set (that is, it is NULL).
These users are:
- Members of the local Administrators group
- Members of the Administrators group at the Domain Controller,
if the DB2® database manager
is configured to enumerate groups for users at the location where
the users are defined (you can use the DB2_GRP_LOOKUP environment
variable to configure group enumeration)
- Members of the DB2ADMNS group, if Windows extended
security is enabled. The location of the DB2ADMNS group is decided
during installation.
- The LocalSystem account
There are cases where the previously mentioned
default behavior is not desirable. You can use the
sysadm_group database
manager configuration parameter to override this behavior by using
one of the following methods:
- Create a local group on the DB2 server
machine and add to it users (domain users or local users) that you
want to have SYSADM authority. The DB2 database
manager should be configured to enumerate groups for the user on the
local machine.
- Create a domain group and add to it the users that you want to
have SYSADM authority. The DB2 database
manager should be configured to enumerate groups for users at the
location where the users are defined.
Then update the sysadm_group database
manager configuration parameter to this group, using the following
commands:
DB2 UPDATE DBM CFG USING SYSADM_GROUP group_name
DB2STOP
DB2START