Failsafe option to update the database manager configuration file
The information within the configuration file is responsible for
controlling access to essential features of your instance, including
the permission to update the configuration file itself. Do not update
any database manager configuration parameter without fully understanding
its effect on your instance. Parameters that control access to the
instance and must be updated with caution include the following:
- AUTHENTICATION: Setting this parameter to a value that is not supported by the operating system prevents Db2® from recognizing or authenticating users. Because Db2 prevents user access, all connections are ignored, and any checks for SYSADM/SYSCTRL/SYSMAINT fail (plus many other problems). Without a connection to Db2, the database manager configuration file is inaccessible, and hence a proper value of AUTHENTICATION cannot be restored.
- SYSADM_GROUP: Setting this parameter to a non-existent group causes Db2 to consider all users to be non-SYSADM, preventing the use of all commands that require SYSADM. Without SYSADM, the database manager configuration file cannot be updated, and hence a proper value of SYSADM_GROUP cannot be restored.
To regain your access, you require a highly privileged local operating system security user who can override the Db2 database security check to correct the database manager configuration file. On existing operating systems, the highly privileged users are the following:
- Linux/Unix: The instance owner
- Windows: Someone that is classified as an "Administrator"
Attention: The security bypass is restricted to a local update of the database
manager configuration file. You cannot use a fail-safe user remotely or for any other Db2 database
command.
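
A preflight check for the SYSADM_GROUP lockout described above, for Linux/UNIX, as an added example that is not part of the IBM documentation: it refuses a group that does not exist or that the named user is not in. The function names, return codes and optional group-file argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not IBM-supplied). Function names, return codes and the
# optional GROUP_FILE argument are assumptions of this sketch.

# Succeeds if group $1 exists. $2 (optional): group(5)-format file to read
# instead of the system group database.
group_exists() {
    if [ -z "${2:-}" ] && command -v getent >/dev/null 2>&1; then
        getent group "$1" >/dev/null
    else
        awk -F: -v g="$1" '$1 == g { hit = 1 } END { exit !hit }' "${2:-/etc/group}"
    fi
}

# Prints one group name per line for user $1. With a group file ($2) only
# listed members are seen; live mode uses id(1), which also covers the
# user's primary group.
user_groups() {
    if [ -n "${2:-}" ]; then
        awk -F: -v u="$1" '{ n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$2"
    else
        id -Gn "$1" | tr ' ' '\n'
    fi
}

# check_sysadm_group GROUP USER [GROUP_FILE]
#   0 = safe to set   1 = group missing (no user would be SYSADM)
#   2 = group exists but USER is not in it (USER would not hold SYSADM)
check_sysadm_group() {
    if ! group_exists "$1" "${3:-}"; then
        echo "REFUSE: group '$1' does not exist" >&2
        return 1
    fi
    if ! user_groups "$2" "${3:-}" | grep -qxF -- "$1"; then
        echo "REFUSE: user '$2' is not a member of '$1'" >&2
        return 2
    fi
    return 0
}

# Usage, on the Db2 server as the instance owner (<group> is a placeholder):
#   check_sysadm_group <group> "$(id -un)" &&
#       db2 update dbm cfg using SYSADM_GROUP <group>
```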