In this three-part series, we examine the various object privileges provided in DB2.
Editor's note: This article is an excerpt from the book DB2 10.1 Fundamentals: Certification Study Guide (Exam 610) (MC Press, May 2014).
In DB2 for Linux, UNIX, and Windows and DB2 for z/OS, privileges convey the right to perform certain actions against specific database resources. Two distinct types of privileges exist: database and object. Database privileges apply to a database as a whole and control which actions a user is allowed to perform against a particular database. Object privileges, on the other hand, apply to specific database objects (for example, tables, indexes, and views).
Because the nature of each database object varies, the individual privileges that exist for each object differ. In this three-part series, we examine the various object privileges provided in DB2.
The Authorization ID Privilege (DB2 for Linux, UNIX, and Windows Only)
The authorization ID privilege lets a user set the session authorization ID to one of a set of specified authorization IDs available (by executing the SET SESSION AUTHORIZATION statement). Only one authorization ID privilege exists: the SETSESSIONUSER privilege.
Buffer Pool Privileges (DB2 for z/OS Only)
Buffer pool privileges control what users can and cannot do with a particular buffer pool. (A buffer pool is a portion of memory that has been allocated to DB2 for the purpose of caching table and index data as it is read from disk.) The following buffer pool privileges are available:
- USE OF BUFFERPOOL: Allows a user to use a certain buffer pool.
- USE OF ALL BUFFERPOOLS: Allows a user to use every buffer pool available.
The Table Space Privilege
The table space privilege controls what users can and cannot do with a particular table space. (Table spaces control where data in a database physically resides.) Only one table space privilege exists—the USE (or USE OF TABLESPACE) privilege, which, when granted, lets a user use a certain table space.
Note: In DB2 for Linux, UNIX, and Windows environments, the USE privilege cannot be used to give an individual the ability to create tables in the system catalog table space or in any temporary table spaces that might exist.
The Storage Group Privilege (DB2 for z/OS Only)
The storage group privilege controls what users can and cannot do with a particular storage group. (With DB2 for z/OS, a storage group refers to a set of volumes on disks that holds the data sets in which tables and indexes are stored.) Only one storage group privilege exists—the USE (or USE OF STOGROUP) privilege, which, when granted, lets a user use a certain storage group.
Schema Privileges
Schema privileges control what users can and cannot do with a particular schema. (A schema is an object that is used to logically classify and group other objects in the database; most objects are identified by using a naming convention that consists of a schema name, followed by a period, followed by the object name.) The following schema privileges are available:
- CREATEIN: Allows a user to create objects within a certain schema.
- ALTERIN: Allows a user to change the comment associated with any object in a certain schema or alter any object that resides in the schema.
- DROPIN: Allows a user to remove (drop) any object within a certain schema.
With DB2 for Linux, UNIX, and Windows, the objects that can be manipulated within a schema include tables, views, indexes, packages, data types, functions, triggers, procedures, and aliases. With DB2 for z/OS, those objects consist of distinct data types, UDFs, triggers, and procedures.
Table Privileges
Table privileges control what users can and cannot do with a particular table in a database. (A table is a logical structure that presents data as a collection of unordered rows with a fixed number of columns.) The following table privileges are available:
- CONTROL: Provides a user with all table privileges available. With this privilege, a user can remove (drop) a certain table from the database, execute the RUNSTATS and REORG commands against the table, execute the SET INTEGRITY statement against the table, and grant and revoke individual table privileges (with the exception of the CONTROL privilege) to/from others. (This privilege is available with DB2 for Linux, UNIX, and Windows only.)
- ALTER: Allows a user to change a certain table’s definition and/or the comment associated with the table as well as create or drop a table constraint.
- SELECT: Allows a user to retrieve data from a certain table as well as create a view that references the table.
- INSERT: Allows a user to add data to a certain table.
- UPDATE: Allows a user to modify data in a certain table. (This privilege can apply to the entire table or be limited to specific columns within the table.)
- DELETE: Allows a user to remove data from a certain table.
- INDEX: Allows a user to create an index for a certain table.
- REFERENCES: Allow a user to create and drop foreign key constraints that reference a certain table in a referential integrity constraint. (This privilege can apply to the entire table or be limited to specific columns within the table, in which case a user can only create and drop referential constraints that reference the columns identified.)
- TRIGGER: Allows a user to create triggers for a certain table. (This privilege is available with DB2 for z/OS only.)
View Privileges
View privileges control what users can and cannot do with a particular view. (A view is a virtual table that provides an alternative way of working with data that physically resides in one or more base tables; views are frequently used to limit access to specific columns in a table.) The following view privileges are available:
- CONTROL: Provides a user with all view privileges available. With this privilege, a user can remove (drop) a certain view from the database as well as grant and revoke individual view privileges (with the exception of the CONTROL privilege) to/from others. (This privilege is available with DB2 for Linux, UNIX, and Windows only.)
- SELECT: Allows a user to use a certain view to retrieve data from its underlying base table(s).
- INSERT: Allows a user to use a certain view to add data to its underlying base table(s).
- UPDATE: Allows a user to use a certain view to modify data in its underlying base table(s). (This privilege can apply to the entire view or be limited to specific columns within the view.)
- DELETE: Allows a user to use a certain view to remove data from its underlying base table(s).
It is important to note that with DB2 for Linux, UNIX, and Windows, the owner of a view will receive CONTROL privilege for that view only if they hold CONTROL privilege for every base table the view references.
Note: To create a view, a user must hold, at a minimum, SELECT privilege on each base table the view references.
The Index Privilege (DB2 for Linux, UNIX, and Windows Only)
The index privilege controls what users can and cannot do with a particular index. (An index is an ordered set of pointers that refer to one or more key columns in a base table; use of indexes can improve query performance.) Only one index privilege exists—the CONTROL privilege, which, when granted, allows users to remove a certain index from a database.
Unlike the CONTROL privilege for other objects, the CONTROL privilege for an index does not automatically give users the ability to grant and revoke index privileges to/from others. That is because the only index privilege available is the CONTROL privilege, and only users with ACCESSCTRL or SECADM authority are allowed to grant and revoke CONTROL privilege.
To Be Continued
In Part 2, we will examine several more DB2 object privileges, including those that govern access to procedures, packages, collections, and more.
Roger E. Sanders is a Principal Sales Enablement & Skills Content Specialist at IBM. He has worked with Db2 (formerly DB2 for Linux, UNIX, and Windows) since it was first introduced on the IBM PC (1991) and is the author of 26 books on relational database technology (25 on Db2; one on ODBC). For 10 years he authored the “Distributed DBA” column in IBM Data Magazine, and he has written articles for publications like Certification Magazine, Database Trends and Applications, and IDUG Solutions Journal (the official magazine of the International Db2 User's Group), as well as tutorials and articles for IBM's developerWorks website. In 2019, he edited the manuscript and prepared illustrations for the book “Artificial Intelligence, Evolution and Revolution” by Steven Astorino, Mark Simmonds, and Dr. Jean-Francois Puget.
From 2008 to 2015, Roger was recognized as an IBM Champion for his contributions to the IBM Data Management community; in 2012 he was recognized as an IBM developerWorks Master Author, Level 2 (for his contributions to the IBM developerWorks community); and, in 2021 he was recognized as an IBM Redbooks Platinum Author. He lives in Fuquay Varina, North Carolina.
MC Press books written by Roger E. Sanders available now on the MC Press Bookstore.
 |
||
 |
|
QuickStart Guide to Db2 Development with Python Discover how Python, SQL, and Db2 can successfully be used with each other. List Price $9.95 Now On Sale
|
|
||
 |
|
DB2 10.5 Fundamentals for LUW (Exam 615) Don't even think about attempting to take the DB2 Fundamentals exam without this indispensable study guide. List Price $79.95
Now On Sale
|
|
||
 |
|
DB2 10.1 Fundamentals (Exam 610) Let one of the world's leading DB2 authors and a participant in the exam development help you succeed. List Price $79.95 Now On Sale
|
|
||
 |
|
Artificial Intelligence: Evolution and Revolution Operational AI has become available to the masses, setting the wheels in motion for a worldwide AI revolution that has never been seen before. List Price $16.95
Now On Sale
|
|
||
 |
|
DB2 10.5 DBA for LUW Upgrade from DB2 10.1: Certification Study Notes Here's everything you need to know to take and pass Exam 311, complete with a practice exam and study key. List Price $21.95 Now On Sale
|
|
||
 |
|
From Idea to Print Here's everything you need to know to turn your technical knowledge and expertise into a published article or book. List Price $49.95
Now On Sale
|
|
||
|
|
DB2 9 Fundamentals (Exam 730) Use this review before taking the test to prove you've mastered the basics of DB2 9. List Price $59.95 Now On Sale
|
|
||
 |
|
DB2 9 for Linux, UNIX, and Windows Database Administration (Exam 731) Use this indispensable study guide to prepare to take, and pass, Exam 731. List Price $64.95
Now On Sale
|
|
||
 |
|
DB2 9.7 for Linux, UNIX, and Windows Database Administration (Exam 541) Get ready to take the DB2 9.7 certification exam with this handy study guide. List Price $21.95 Now On Sale
|
|
||
 |
|
DB2 9 for Linux, UNIX, and Windows Advanced Database Administration (Exam 734) Review all exam topics and take the included practice test to be sure you're ready on testing day. List Price $64.95
Now On Sale
|
|
||
 |
|
DB2 9 for Linux, UNIX, and Windows Database Administration Upgrade (Exam 736) Prep for success with the master of DB2 certification study guides! List Price $34.95 Now On Sale
|
|
||
 |
|
Data Fabric: An Intelligent Data Architecture for AI This book explains the concepts and values that a data fabric approach can deliver to both technical and business communities. List Price $19.95
Now On Sale
|
|
More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online