db2sdin1@TEST_DB1 $ db2 describe table sysibmadm.privileges
                                Data type                     Column
Column name                     schema    Data type name      Length     Scale Nulls
------------------------------- --------- ------------------- ---------- ----- ------
AUTHID                          SYSIBM    VARCHAR                    128     0 No
AUTHIDTYPE                      SYSIBM    CHARACTER                    1     0 No
PRIVILEGE                       SYSIBM    VARCHAR                     11     0 No
GRANTABLE                       SYSIBM    VARCHAR                      1     0 Yes
OBJECTNAME                      SYSIBM    VARCHAR                    128     0 Yes
OBJECTSCHEMA                    SYSIBM    VARCHAR                    128     0 Yes
OBJECTTYPE                      SYSIBM    VARCHAR                     24     0 Yes
7 record(s) selected.
db2sdin1@TEST_DB1 $
db2 "select distinct(PRIVILEGE) from sysibmadm.privileges where authid='TESTDBS' group by PRIVILEGE"
db2 "select distinct(PRIVILEGE),OBJECTNAME from sysibmadm.privileges where authid='TESTDBS' group by OBJECTNAME,PRIVILEGE"
db2 "select distinct(PRIVILEGE),OBJECTNAME from sysibmadm.privileges where authid='USERMOT' group by OBJECTNAME,PRIVILEGE"
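// The usermot user has query (SELECT) privilege on the database tables, and insert/delete/update/select privileges on the CONFIG configuration
The userfct user has insert/delete/update/select privileges on the database tables, but cannot start or stop the database
userfct2 and userfct3 differ from userfct in that they lack the EXECUTE privilege
userdbs has more privileges: insert/delete/update/select, EXECUTE, BIND and others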
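The per-user comparison in the notes above (what userfct holds that userfct2 and userfct3 lack) can be done mechanically. This is an added example, not part of the original notes: the function names and the ORDERS_DEMO / PROC_DEMO objects in the sample rows are constructed, and it compares (privilege, object) pairs as well as bare privilege names, which goes a little beyond the per-user queries above.

```sh
# Added example; not part of the original notes. Input rows are
# "AUTHID PRIVILEGE OBJECTNAME", as printed by:
#   db2 -x "select distinct authid, privilege, objectname from sysibmadm.privileges"

# Constructed sample rows. ORDERS_DEMO and PROC_DEMO are made-up object names.
sample_rows() {
cat <<'EOF'
USERFCT   SELECT   ORDERS_DEMO
USERFCT   INSERT   ORDERS_DEMO
USERFCT   UPDATE   ORDERS_DEMO
USERFCT   DELETE   ORDERS_DEMO
USERFCT   EXECUTE  PROC_DEMO
USERFCT2  SELECT   ORDERS_DEMO
USERFCT2  INSERT   ORDERS_DEMO
USERFCT2  UPDATE   ORDERS_DEMO
USERFCT2  DELETE   ORDERS_DEMO
USERMOT   SELECT   ORDERS_DEMO
USERMOT   SELECT   CONFIG
USERMOT   INSERT   CONFIG
USERMOT   UPDATE   CONFIG
USERMOT   DELETE   CONFIG
EOF
}

# missing_grants BASE OTHER
# Prints each "PRIVILEGE OBJECTNAME" pair that BASE holds and OTHER does not.
missing_grants() {
  awk -v base="$1" -v other="$2" '
    BEGIN { base = toupper(base); other = toupper(other) }
    NF >= 3 && toupper($1) == base  { b[$2 " " $3] = 1 }
    NF >= 3 && toupper($1) == other { o[$2 " " $3] = 1 }
    END { for (g in b) if (!(g in o)) print g }
  ' | LC_ALL=C sort
}

# missing_privs BASE OTHER
# Coarser view: privilege names BASE holds that OTHER holds on no object at all.
missing_privs() {
  awk -v base="$1" -v other="$2" '
    BEGIN { base = toupper(base); other = toupper(other) }
    NF >= 2 && toupper($1) == base  { b[$2] = 1 }
    NF >= 2 && toupper($1) == other { o[$2] = 1 }
    END { for (p in b) if (!(p in o)) print p }
  ' | LC_ALL=C sort
}

sample_rows | missing_grants USERFCT USERFCT2   # EXECUTE PROC_DEMO
sample_rows | missing_privs  USERFCT USERMOT    # EXECUTE
```

Comparing by privilege name alone reports only EXECUTE for USERFCT versus USERMOT in the sample, because USERMOT holds INSERT/UPDATE/DELETE on CONFIG; the pair-level comparison also shows the missing write privileges on the table.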
db2 "select authid,grantable,objectname,OBJECTSCHEMA,OBJECTTYPE from sysibmadm.privileges where authid='TESTDBS' and OBJECTNAME='SYSTOOLSTMPSPACE'"
db2 "select distinct(AUTHID) from sysibmadm.privileges"
AUTHID
--------------------------------------------------------------------------------------------------------------------------------
DB2INST1
DB2SDIN1
PUBLIC
SYSDEBUG
SYSTS_ADM
SYSTS_MGR
TESTDBS
USERFCT
USERFCT2
USERFCT3
USERMOT
11 record(s) selected.
authidall.txt
db2 "select distinct(PRIVILEGE),OBJECTNAME from sysibmadm.privileges where authid='SYSDEBUG' group by OBJECTNAME,PRIVILEGE"
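Are the default accounts (the three SYS* accounts) enabled, i.e. can they actually be used? If they can, is a password set, and has the default password been changed?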
db2 "select grantee from syscat.dbauth where granteetype='G' and connectauth='Y'"
GRANTOR GRANTORTYPE GRANTEE GRANTEETYPE BINDADDAUTH CONNECTAUTH CREATETABAUTH DBADMAUTH EXTERNALROUTINEAUTH IMPLSCHEMAAUTH LOADAUTH NOFENCEAUTH QUIESCECONNECTAUTH LIBRARYADMAUTH SECURITYADMAUTH SQLADMAUTH WLMADMAUTH EXPLAINAUTH DATAACCESSAUTH ACCESSCTRLAUTH CREATESECUREAUTH
------- ----------- ------- ----------- ----------- ----------- ------------- --------- ------------------- -------------- -------- ----------- ------------------ -------------- --------------- ---------- ---------- ----------- -------------- -------------- ----------------
SYSIBM  S           PUBLIC  G           Y           Y           Y             N         N                   Y              N        N           N                  N              N               N          N          N           N              N              N
1 record(s) selected.
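Is the db2 audit facility enabled?
Is db2 logging in circular or archive mode? If circular, are the logs backed up before they are overwritten?
Is db2diag.log backed up regularly?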
db2sdin1@TEST_DB1 $ db2 get dbm cfg |grep START
Index re-creation time and redo index build (INDEXREC) = RESTART
db2start/db2stop timeout (min) (START_STOP_TIME) = 10
db2 connect to testdb user userfct3 using 2 // after 3 consecutive failed logins, how does db2 react?
The PUBLIC user
Limiting resource usage per individual user