Installation or migration without requiring SYSADM

In Db2 12, you can use the installation SYSOPR authority to install or migrate a Db2 subsystem. You are not required to use the SYSADM or installation SYSADM authority to perform installation or migration tasks. Using the installation SYSOPR authority prevents unintended access to user objects during installation or migration.

For installing or migrating Db2, the installation SYSOPR authority is enhanced so that it can access catalog and directory objects; create, drop, or alter system objects; execute the -ACTIVATE command; specify the owner for the BIND and REBIND commands; and run the CATMAINT utility. However, the authority does not allow any access to non-system objects or user data in the subsystem.

The overall process of installing or migrating Db2 with the installation SYSOPR authority is the same as that with the SYSADM authority. You can use the installation SYSOPR authority to perform all installation or migration tasks if you meet the following additional requirements:

  • The primary or secondary authorization ID that performs installation or migration tasks must have the installation SYSOPR authority.
  • The current SQLID that processes data definition statements must be set to SYSINSTL, which owns all the system objects created by the installation SYSOPR authority.
  • The OWNER option for the BIND and REBIND commands must be set to an ID that is authorized to bind and execute SQL statements in a package.
  • The new DSNTIAIN plan must be used with the DSNTIAD program to process all dynamic data definition statements for Db2 installation or migration.
  • An explicit qualifier must not be specified for the CREATE TABLE or CREATE INDEX statement. The qualifier can be implicitly specified through a leading SET CURRENT SCHEMA statement so that SYSINSTL can own the table or index.
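The SQLID and qualifier requirements above can be checked before a DDL script is submitted. The following is an added example, not IBM-supplied code: the function name `lint_install_ddl`, the sample script, and every object and schema name in it are assumptions made for illustration, and only the name of the object being created is inspected.

```python
import re

# Optional keywords that may sit between CREATE and TABLE/INDEX.
CREATE_RE = re.compile(
    r"^CREATE\s+(?:(?:UNIQUE|AUXILIARY|AUX|GLOBAL|TEMPORARY)\s+)*"
    r"(TABLE|INDEX)\s+([^\s(]+)", re.I)
SQLID_RE = re.compile(r"^SET\s+CURRENT\s+SQLID\s*=\s*'?(\w+)'?", re.I)
DDL_RE = re.compile(r"^(?:CREATE|ALTER|DROP)\b", re.I)

def lint_install_ddl(text):
    """Return [(statement_number, message)] for rule violations in a DDL script."""
    # Drop full-line "--" comments; split on ";" (assumes no ";" inside literals).
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("--")]
    stmts = [s.strip() for s in "\n".join(lines).split(";") if s.strip()]
    findings, sqlid = [], None
    for n, stmt in enumerate(stmts, start=1):
        m = SQLID_RE.match(stmt)
        if m:
            sqlid = m.group(1).upper()
            continue
        if DDL_RE.match(stmt) and sqlid != "SYSINSTL":
            findings.append((n, "DDL issued while CURRENT SQLID is not SYSINSTL"))
        m = CREATE_RE.match(stmt)
        # A dot in the created object's name means an explicit qualifier.
        if m and "." in m.group(2):
            findings.append(
                (n, f"explicit qualifier on CREATE {m.group(1).upper()}: {m.group(2)}"))
    return findings

# Constructed sample input; all object and schema names are made up.
SAMPLE = """\
-- statement 1 runs before the SQLID is switched
CREATE TABLE DEMO_T0 (C1 INTEGER);
SET CURRENT SQLID = 'SYSINSTL';
SET CURRENT SCHEMA = 'DEMOSCHEMA';
CREATE TABLE DEMO_T1 (C1 INTEGER NOT NULL);
CREATE UNIQUE INDEX DEMOSCHEMA.DEMO_IX1 ON DEMO_T1 (C1);
"""

if __name__ == "__main__":
    for number, message in lint_install_ddl(SAMPLE):
        print(f"statement {number}: {message}")
```

Statement 4 passes because its schema comes from the leading SET CURRENT SCHEMA statement rather than from a qualifier on the table name.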