DB2 Version 9.7 for Linux, UNIX, and Windows

Default privileges granted on creating a database

When you create a database, default database level authorities and default object level privileges are granted to you within that database.

The authorities and privileges that you are granted are listed according to the system catalog views where they are recorded:

  1. SYSCAT.DBAUTH
    • The database creator is granted the following authorities:
      • ACCESSCTRL
      • DATAACCESS
      • DBADM
      • SECADM
    • In a non-restrictive database, the special group PUBLIC is granted the following authorities:
      • CREATETAB
      • BINDADD
      • CONNECT
      • IMPLICIT_SCHEMA
  2. SYSCAT.TABAUTH
    In a non-restrictive database, the special group PUBLIC is granted the following privileges:
    • SELECT on all SYSCAT and SYSIBM tables
    • SELECT and UPDATE on all SYSSTAT tables
    • SELECT on the following views in schema SYSIBMADM:
      • ALL_*
      • USER_*
      • ROLE_*
      • SESSION_*
      • DICTIONARY
      • TAB
  3. SYSCAT.ROUTINEAUTH
    In a non-restrictive database, the special group PUBLIC is granted the following privileges:
    • EXECUTE with GRANT on all procedures in schema SQLJ
    • EXECUTE with GRANT on all functions and procedures in schema SYSFUN
    • EXECUTE with GRANT on all functions and procedures in schema SYSPROC (except audit routines)
    • EXECUTE on all table functions in schema SYSIBM
    • EXECUTE on all other procedures in schema SYSIBM
    • EXECUTE on the following modules in schema SYSIBMADM:
      • DBMS_JOB
      • DBMS_LOB
      • DBMS_OUTPUT
      • DBMS_SQL
      • DBMS_UTILITY
  4. SYSCAT.PACKAGEAUTH
    • The database creator is granted the following privileges:
      • CONTROL on all packages created in the NULLID schema
      • BIND with GRANT on all packages created in the NULLID schema
      • EXECUTE with GRANT on all packages created in the NULLID schema
    • In a non-restrictive database, the special group PUBLIC is granted the following privileges:
      • BIND on all packages created in the NULLID schema
      • EXECUTE on all packages created in the NULLID schema
  5. SYSCAT.SCHEMAAUTH
    In a non-restrictive database, the special group PUBLIC is granted the following privileges:
    • CREATEIN on schema SQLJ
    • CREATEIN on schema NULLID
  6. SYSCAT.TBSPACEAUTH

    In a non-restrictive database, the special group PUBLIC is granted the USE privilege on table space USERSPACE1.

  7. SYSCAT.WORKLOADAUTH

    In a non-restrictive database, the special group PUBLIC is granted the USAGE privilege on SYSDEFAULTUSERWORKLOAD.

A non-restrictive database is a database created without the RESTRICTIVE option on the CREATE DATABASE command.

Parent topic: Authorization, privileges, and object ownership