On Windows operating
systems, you can restrict privileges of the db2fmp process
to the privileges assigned to the DB2USERS group.
About this task
Restrictions
This
option is not available if LocalSystem is selected as the service
account.
Procedure
- On Windows operating
systems, if you have Extended Security enabled, to restrict the db2fmp process
to the privileges assigned to the DB2USERS group:
- Run the db2set command and set DB2_LIMIT_FENCED_GROUP to ON.
By default, this registry variable is set to OFF.
db2set DB2_LIMIT_FENCED_GROUP = ON
- Add the DB2® service account
into the DB2USERS group.
- You can grant additional operating system privileges to
the db2fmp process by following these steps:
- Create a new user group, or choose an existing user group (for
example, db2FencedGroup).
- Add the DB2 service account
into the group.
Results
In
additional to the privilege of DB2USERS group, the db2fmp process
has the operating system privilege of the chosen user group chosen.