sysadm_group - System administration authority group name configuration parameter

This parameter defines the group name with SYSADM authority for the database manager instance.

Configuration type
Database manager
Applies to
  • Database server with local and remote clients
  • Client
  • Database server with local clients
  • Partitioned database server with local and remote clients
Parameter type

The SYSADM authority level is the highest level of administrative authority at the instance level. Users with SYSADM authority can run some utilities and issue some database and database manager commands within the instance.

SYSADM authority is determined by the security facilities used in a specific operating environment.
  • For the Windows operating system, this parameter can be set to local or domain group. Group names must adhere to the length limits specified in SQL and XML limits. The following users have SYSADM authority if "NULL" is specified for sysadm_group database manager configuration parameter:
    • Members of the local Administrators group
    • Members of the Administrators group at the Domain Controller if DB2_GRP_LOOKUP is not set or set to DOMAIN
    • Members of DB2ADMNS group if Extended Security feature is enabled. The location of the DB2ADMNS group was decided during installation
    • The LocalSystem account
  • For Linux® and UNIX systems, if NULL is specified as the value of this parameter, the SYSADM group defaults to the primary group of the instance owner.

    If the value is not NULL, the SYSADM group can be any valid UNIX group name.

To restore the parameter to its default (NULL) value, use UPDATE DBM CFG USING SYSADM_GROUP NULL. You must specify the keyword NULL in uppercase.