Security enhancements

The Db2 12.1.1 release improves security by expanding on the changes to instance level authorities of Db2 12.1. The authority to create and manage automatic storage (AS) table spaces can now be granted at the storage group level.

The following table lists security enhancements that have been added to Db2® 12.1.1:

Table 1. Security enhancements in 12.1.1
Enhancement	Description
New database-level storage group authorities for allowing users to create and alter automatic storage (AS) table spaces.	With the release of Db2 12.1, users with `DBADM` authority now have the ability to create and manage AS table spaces and buffer pools. This new database-level authority was previously only available at the instance level, requiring administrators to give SYSADM or SYSCTRL authorities to users at the database level. This database-level authority is expanded in Db2 12.1 Mod 1, providing a new storage-group-level authority that allows users to create and manage AS table spaces within a storage group. authority. A new database-level privilege, USE, is also available for granting the use of buffer pools when creating and altering AS table spaces by using the `TBSPACEADM` authority. For more information, see the following topics: TBSPACEADM authority Buffer pool privileges GRANT (storage group authority) statement GRANT (buffer pool privileges) statement REVOKE (storage group authority) statement REVOKE (buffer pool privileges) statement .