INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Db2 auditory

Db2 auditory

(OP)
Hello, is there a guideline or check list about Db2 auditing?  

RE: Db2 auditory

(OP)
Profiles, security access configuration, superdbas, etc.

RE: Db2 auditory

(OP)
Found some notes about the topic,


DB2 Query SQL
The commands, tables and column definitions should be up-to-date but I would suggest a check, especially if you get spurious results. I would suggest a sanity check of the output (i.e. take some data you know exists and ensure that it appears on the relevant output).

To retrieve all user IDs (not plans) with DBADM authority and whether they hold this privilege 'with grant option' or not

SELECT GRANTEE, DBADMAUTH FROM SYSIBM.SYSDBAUTH WHERE GRANTEETYPE = ' ' AND WHERE DBADMAUTH <> ' ';

(If GRANTEETYPE is blank, the value of GRANTEE is an ID that has been granted a privilege)

OR

SELECT DISTINCT GRANTEE FROM SYSIBM.SYSDBAUTH WHERE GRANTEETYPE = ' ' AND DBADMAUTH IN ('G','Y') ;


Retrieve all users with SYSADM authority
SELECT GRANTEE, GRANTEETYPE, SYSADMAUTH FROM SYSIBM.SYSUSERAUTH WHERE SYSADMAUTH <>' ';
OR
SELECT GRANTEE FROM SYSIBM.SYSUSERAUTH WHERE SYSADMAUTH IN ('G','Y');
(If GRANTEETYPE is blank, the value of GRANTEE is an ID that has been granted a privilege)

Find all users with SYSCTRL authority
Repeat the above query for SYSADM but substituting 'WHERE SYSCTRLAUTH' for 'WHERE SYSADMAUTH'

To retrieve all system privileges held by users, enter the following SQL (If GRANTEETYPE is blank, the value of GRANTEE is an ID that has been granted a privilege):-

SELECT GRANTEE, GRANTEETYPE, SYSADMAUTH FROM SYSIBM.SYSUSERAUTH WHERE SYSADMAUTH <>' ';
    (Repeat for SYSCTRLAUTH, SYSOPRAUTH, BSDSAUTH, CREATEDBAAUTH, CREATEDBCAUTH, CREATESGAUTH, BINDADDAUTH, ALTERBPAUTH, BINDAGENTAUTH, ARCHIVEAUTH, RECOVERAUTH, STOPALLAUTH, STOSPACEAUTH, TRACEAUTH, DISPLAYAUTH)


Contd..
To list the privileges held by users over databases, enter the following SQL :-

SELECT GRANTEE, DBADMAUTH FROM SYSIBM.SYSDBAUTH WHERE DBADMAUTH <> ' ';
    (Repeat for DBCTRLAUTH, DBMAINTAUTH, CREATETABAUTH, CREATETSAUTH, DISPLAYDBAUTH, DROPAUTH, IMAGCOPYAUTH, LOADAUTH, REORGAUTH, RECOVERDBAUTH, REPAIRAUTH, STARTDBAUTH, STATSAUTH, STOPAUTH)

 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close