Windows LocalSystem account support
The LocalSystem account is considered a system administrator (holding SYSADM authority) when the sysadm_group database manager configuration parameter is set to NULL.
If there is a need for applications running under the context of the LocalSystem account to perform database actions that are not within the scope of SYSADM, you must grant the LocalSystem account the required database privileges or authorities. For example, if an application requires database administrator capabilities, grant the LocalSystem account DBADM authority using the GRANT (Database Authorities) statement.
Developers writing applications to be run under this account need to be aware that the Db2 database system has restrictions on objects with schema names starting with SYS. Therefore, if your applications contain DDL statements that create Db2 database objects, they should be written such that:
- For static queries, they should be bound with a value for the QUALIFIER option other than the default one (SYSTEM).
- For dynamic queries, the objects to be created should be explicitly qualified with a schema name supported by the Db2 database manager, or the CURRENT SCHEMA register must be set to a schema name supported by the Db2 database manager.
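The following pre-deployment check is an added example, not part of the Db2 product or its documentation. It scans a dynamic DDL script for CREATE statements whose target schema starts with SYS, either explicitly or implicitly. It assumes that the implicit schema under LocalSystem is SYSTEM (the default qualifier named above); `lint_ddl`, `SAMPLE` and the schema `APPDATA` are hypothetical names, and the statement parsing is deliberately simplified.

```python
import re

# Simplified patterns: object kind, optional schema qualifier, object name.
CREATE_RE = re.compile(
    r'^\s*CREATE\s+(?:OR\s+REPLACE\s+)?(?:UNIQUE\s+)?'
    r'(TABLE|VIEW|INDEX|SEQUENCE|ALIAS|PROCEDURE|FUNCTION|TRIGGER)\s+'
    r'(?:"?(\w+)"?\s*\.\s*)?"?(\w+)"?', re.IGNORECASE)
SET_SCHEMA_RE = re.compile(
    r'''^\s*SET\s+(?:CURRENT[\s_]+)?SCHEMA\s*=?\s*["']?(\w+)''', re.IGNORECASE)

def lint_ddl(script, default_schema="SYSTEM"):
    """Return (statement number, object kind, qualified name, how) for each
    CREATE whose schema starts with SYS. default_schema is the assumed
    implicit schema of the connecting account (SYSTEM for LocalSystem)."""
    current = default_schema.upper()
    findings = []
    # Assumption: statements are separated by ';' and contain no embedded ';'.
    for number, stmt in enumerate(script.split(";"), start=1):
        m = SET_SCHEMA_RE.match(stmt)
        if m:
            current = m.group(1).upper()   # later unqualified names use this
            continue
        m = CREATE_RE.match(stmt)
        if not m:
            continue
        kind, schema, name = m.group(1), m.group(2), m.group(3)
        how = "explicit" if schema else "implicit"
        # Names are compared case-insensitively, which is conservative
        # for delimited (quoted) identifiers.
        effective = (schema or current).upper()
        if effective.startswith("SYS"):
            findings.append((number, kind.upper(),
                             effective + "." + name.upper(), how))
    return findings

# Constructed sample script, not taken from any real application.
SAMPLE = """
CREATE TABLE audit_log (id INT);
CREATE VIEW sysapp.v1 AS SELECT 1 FROM sysibm.sysdummy1;
CREATE TABLE appdata.audit_log (id INT);
SET CURRENT SCHEMA = APPDATA;
CREATE INDEX ix_audit ON audit_log (id);
"""

if __name__ == "__main__":
    for finding in lint_ddl(SAMPLE):
        print(finding)
```

Statements 1 and 2 are reported; statement 3 is explicitly qualified and statement 5 follows the SET CURRENT SCHEMA, so neither is flagged.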
Group information for the LocalSystem account is gathered at the first group lookup request after the Db2 database instance is started and is not refreshed until the instance is restarted.