Granting a set of authorizations to a user

When managing authorizations, you might want to give all the authorizations that are held by one user (either those held directly or those granted explicitly) to another user or a list of users.

Procedure

To grant all the authorizations that are held by one user to another user:

  1. On the DB2 Administration Menu (ADB2) panel, specify option 1, and press Enter.
  2. On the System Catalog (ADB21) panel, specify option AO and press Enter.
  3. On the System Catalog (ADB21) panel - Authorization options, in the Grantee field, specify the name of the user from whom to copy authorizations.
  4. Specify option UA, and press Enter.
  5. On the User Authorizations Summary (ADB2AUS) panel, issue the AU or AE command to display the authorizations that are held by the grantee that you specified.
    AU shows the authorizations that the specified grantee holds directly, and AE shows the authorizations that the specified grantee was granted explicitly.
    Figure 1. User Authorizations Summary (ADB2AUS) panel
      ADB2AUS n ----------- DB2X User Authorizations Summary ------------------------
                                                                                    
     Authorities held by VNDSHL1%                                                   
     Authority includes SYSADM                                                      
     Commands:  AU AP ALL AE AI                                                     
     Line commands:  AU - User Only  AP - All PUBLIC  ALL - All Authorizations      
                     AE - Explicit to User  AI - Implicit to User                   
                     ? - Show all line commands                                                               
     Sel Type                Explicit    Implicit      PUBLIC       Total           
     --- ---------------- ----------- ----------- ----------- -----------           
         System                     1           0           1           2           
         Storage group              0           0           3           3           
         Database                   0           0          10          10           
         Table space                0           0          30          30           
         Table                      0           2         735         737           
         Column                     0           0           0           0           
         Plan                       0           0          79          79           
         Collection                 0           0          15          15           
         Package                    0           0         235         235           
         Function                   0           0          54          54           
         Buffer pool                0           0           6           6           
    
  6. On the User Authorizations (ADB2AUD) panel, ensure that all of the values in the Grantee column are the same.

    If needed, filter on the Grantee column; see Filtering data on panels.

    Figure 2. User Authorizations (ADB2AUD) panel
    ADB2AUD n --------------- DB2X User Authorizations ----------------------------
                                                                                         
     Commands:  REVOKE  GRANT                                                       
     Line commands:  A - Auth  I - Interpret  R - Revoke  GR - Grant                
                                                                                    
     S  Grantor  Grantee  T Name                        Authority         Date   WGO
        *        *        * *                           *                 *      *  
     -- -------- -------- - --------------------------- ----------------- ------ ---
        R148286  VNDSHL1  Z (SYSTEM)                    SYSADM            030113 YES
        VNDSHL1  VNDSHL1  D SHLIMR1                     DBADM             030929 YES
        VNDSHL1  VNDSHL1  D DBSHL                       DBADM             031003 YES
        VNDSHL2  VNDSHL1  D DBSHL2                      DBADM             031201 NO 
        VNDSHL2  VNDSHL1  D DBSHL2                      DBCTRL            031201 NO 
        VNDSHL1  VNDSHL1  T VNDSHL1.VDEPT111            ALL               031202 YES
        K351156  VNDSHL1  T K351156.GROUPCONFIG         ALL               030220 NO 
        VNDSHL1  VNDSHL1  T VNDSHL1.VDEPT1              ALL               030115 YES
    
  7. Issue the GRANT primary command, and press Enter.
  8. On the Grant Privileges (ADB2AUG) panel, specify the users to whom you would like to grant authorizations in the Grantees field, adjust the selected privileges as needed, and press Enter:
    Figure 3. Grant Privileges (ADB2AUG) panel
    ADB2AUG ----------------- DB2X Grant Privileges -------------------- 18:20
    Command ===>                                                                   
                                                                                   
     Specify grantees to use for all the GRANT statements.                         
     An "S" preceding the listed privilege indicates the privilege exists          
     in the list of authorizations shown on the previous panel. Replace "S"        
     with null to avoid granting the privilege.                                    
                                                                                   
     GRANT                                                                         
                                                                                   
        S SYSADM          SYSCTRL         SYSOPR                                   
          DBADM           DBCTRL          DBMAINT         PACKADM                  
                                                                                   
     TO                                                                            
                                                                                   
     Grantees ===>                                                               > 
                                                                                   
     With GRANT option ===>        YES - retains option for each GRANT statement   
                                   NO  - removes option for all GRANT statements   
    
    The SQL is generated and executed if the size of the generated SQL is less than 32K. Otherwise, the Statement Execution Prompt (ADB2PSTM) panel is displayed, and you can choose to create a batch job with the statements or add the statements to a work statement list (WSL).