The information in the configuration file controls access to
essential features of your instance, including the permission to
update the configuration file itself. Do not update any database
manager configuration parameters without fully understanding their
effect on your instance. The following parameters control access to
the instance and must be updated with caution:
- AUTHENTICATION: Setting this parameter to
a value that is not supported by the operating system prevents DB2
from recognizing or authenticating users. Because DB2® then prevents user access, all connections are
ignored, and any checks for SYSADM/SYSCTRL/SYSMAINT fail (along with many
other problems). Without a connection to DB2,
the database manager configuration file is inaccessible, and hence
a proper value of AUTHENTICATION cannot be restored.
- SYSADM_GROUP: Setting this parameter to a
nonexistent group causes DB2 to consider all users to be non-SYSADM,
preventing the use of all commands that require SYSADM. Without SYSADM,
the database manager configuration file cannot be updated, and hence
a proper value of SYSADM_GROUP cannot be restored.
When these features are updated improperly, your access to your
own instance is impaired.
To regain your access, you require a highly privileged local operating
system security user to override the database security check of DB2 and correct the database manager
configuration file. For existing operating systems, the highly privileged users are
the following:
- Linux/Unix: The instance owner
- Windows: Someone who is classified as an "Administrator"
Attention: The security bypass is restricted to a local update
of the database manager configuration file. You cannot use a fail-safe
user remotely or for any other DB2
database command.
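The SYSADM_GROUP lockout described above can be caught before the update is issued. The following is an added example, not IBM code: the function names, the GROUP_DB variable and the sample group entries are constructed for illustration, and only members listed in the group entry are checked.

```shell
#!/bin/sh
# Added example, not IBM code: refuse a SYSADM_GROUP change that would lock you out.

# Constructed sample in /etc/group format (name:passwd:gid:members).
SAMPLE_GROUPS='db2iadm1:x:1001:db2inst1,alice
db2fadm1:x:1002:db2fenc1
staff:x:50:'

# Print the entry for group $1. Uses the text in $GROUP_DB when it is set
# (for the constructed sample); otherwise asks the OS through getent.
lookup_group() {
    if [ -n "${GROUP_DB:-}" ]; then
        printf '%s\n' "$GROUP_DB" | awk -F: -v g="$1" '$1 == g { print; exit }'
    else
        getent group "$1"
    fi
}

# check_sysadm_group GROUP USER
#   0: GROUP exists and lists USER as a member
#   1: GROUP does not exist (DB2 would treat every user as non-SYSADM)
#   2: GROUP exists but USER is not listed (USER would lose SYSADM)
# Assumption: a user who has GROUP only as primary group is not listed in the
# entry, so the check errs on the side of refusing.
check_sysadm_group() {
    [ -n "$2" ] || return 2
    entry=$(lookup_group "$1") || true
    [ -n "$entry" ] || return 1
    members=$(printf '%s' "$entry" | cut -d: -f4)
    case ",$members," in
        *",$2,"*) return 0 ;;
        *) return 2 ;;
    esac
}

# Run the update only when the check passes.
safe_update_sysadm_group() {
    _rc=0
    check_sysadm_group "$1" "$2" || _rc=$?
    case $_rc in
        0) db2 update dbm cfg using SYSADM_GROUP "$1" ;;
        1) echo "refusing: group '$1' does not exist" >&2; return 1 ;;
        2) echo "refusing: '$2' is not a member of '$1'" >&2; return 2 ;;
    esac
}
```

Call safe_update_sysadm_group with the new group and the administrator account that must keep SYSADM; leave GROUP_DB unset to check against the real operating system groups.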