Altering tables with the system DBADM authority

The system DBADM authority separates object management from data access and access control. It allows object management without requiring the ownership of the object in a Db2 subsystem.

About this task

Suppose that you are a database administrator DB2ADMIN1 and need to alter TABLE1, but do not have any table privileges on the table. You must first be granted the system DBADM authority before you can alter the table.

Procedure

To alter tables with the system DBADM authority:

  1. Obtain the system DBADM authority from a security administrator

    An authorization ID or role with the SECADM authority can grant you the system DBADM authority by issuing the following statement:

    Begin general-use programming interface information. 
    GRANT DBADM WITHOUT DATAACCESS WITHOUT ACCESSCTRL ON SYSTEM TO DB2ADMIN1;
    End general-use programming interface information.

    Db2 inserts a row in SYSIBM.SYSUSERAUTH with the column SDBADMAUTH set to 'Y', where column GRANTEE is set to DB2ADMIN1.

  2. With the system DBADM authority, issue the ALTER TABLE statement to alter table TABLE1.

    Db2 checks to make sure that you have the required privilege set, including the ALTER TABLE privilege that is allowed by the system DBADM authority. The table is altered successfully.