DB2 Version 9.7 for Linux, UNIX, and Windows

User, user ID and group naming rules

User, user ID and group names must follow naming guidelines.

Table 1. User, user ID and group naming rules
Objects Guidelines
  • Group names
  • User names
  • User IDs
  • Group names must be less than or equal to the group name length listed in SQL and XML limits.
  • User IDs on Linux and UNIX operating systems can contain up to 8 characters.
  • User names on Windows can contain up to 30 characters.
  • When not using Client authentication, non-Windows 32-bit clients connecting to Windows with user names longer than the user name length listed in SQL and XML limits are supported when the user name and password are specified explicitly.
  • User names, group names, and authorization or user IDs cannot:
    • Be USERS, ADMINS, GUESTS, PUBLIC, LOCAL or any SQL reserved word
    • Begin with IBM, SQL or SYS.
Note:
  1. Some operating systems allow case sensitive user IDs and passwords. You should check your operating system documentation to see if this is the case.
  2. The authorization ID returned from a successful CONNECT or ATTACH is truncated to the authorization name length listed in SQL and XML limits. An ellipsis (...) is appended to the authorization ID and the SQLWARN fields contain warnings to indicate truncation.
  3. Trailing blanks from user IDs and passwords are removed.
  4. Restrictions on the AUTHID identifier: In DB2® Version 9.5 and later, you can have a 128-byte authorization ID. However, when the authorization ID is interpreted as an operating system user ID or group name, the operating system naming restrictions apply. For example, the Linux and UNIX operating systems can contain up to 8 characters and the Windows operating systems can contain up to 30 characters for user IDs and group names. Therefore, while you can grant a 128-byte authorization ID, you cannot connect as a user that has that authorization ID. If you write your own security plug-in, you can use the extended sizes for the authorization ID. For example, you can give your security plug-in a 30-byte user ID and it returns a 128-byte authorization ID during authentication that you can connect to.
Parent topic: Conforming to naming rules
Related concepts:
DB2 object naming rules
Delimited identifiers and object names
General naming rules