DB2 Administrative SQL Cookbook: Listing Database Authorities that an ID/Group Holds

Purpose

To list the database authorities held by an ID or group – authorities, not privileges. This information is not available in sysibmadm.privileges. The format of syscat.dbauth has columns with ‘Y’ or ‘N’ in them, and reading that quickly to answer the question “What permissions does this ID have?” can be a bit frustrating. This SQL could also be union-ed with SQL to query sysibmadm.privileges to include the privileges on database objects in one result set.

Continue reading »

Starting a DB2 Instance in a Quiesced State

Some applications are really good at continually trying to re-establish connections to a database. This can be useful when I want to quickly bounce the database and have the app reconnect without also having to bounce the app. It is problematic when I need DB2 to be down and stay down, but still allow me to work with it. This can be needed to kick off a backup or to keep things down during an upgrade. When upgrading to DB2 8.1, there was actually a point in time where, if an application connected, the entire upgrade was hosed.

Continue reading »

DB2 Fine-Grained and Row Access Control (FGAC/RCAC)

DB2 10.1 introduced a new feature commonly called RCAC (Row and Column Access Control) or FGAC(Fine-Grained Access Control). This is a bit less labor intensive to support than LBAC (Label Based Access Control), and solves some of the problems with LBAC. It allows a finer level of access control than the standard DB2 permissions scheme.

Continue reading »

Options to Encrypt Data at Rest in DB2

I thought it would be relatively easy to investigate encryption for our environment. I was wrong, was just plain confusing. This was not because encryption is complicated per se, but that a DBA really needs to have a good understanding of business needs. If you don’t have this understanding, you can get lost in an array of options.

Continue reading »