The DB2® database system allows you to specify either a local group or a global group when granting privileges or defining authority levels.
db2set -g DB2_GRP_LOOKUP=local
db2set -i <instance_name> DB2_GRP_LOOKUP=local
After
issuing this command, you must stop and start the DB2 database instance for the change to take
effect. Then create local groups and include domain accounts or global
groups in the local group. db2set -all
If the DB2_GRP_LOOKUP profile registry variable is set to local, then the DB2 database manager tries to enumerate the user's groups on the local machine only. If the user is not defined as a member of a local group, or of a global group nested in a local group, then group enumeration fails. The DB2 database manager does not try to enumerate the user's groups on another machine in the domain or on the domain controllers.
If the DB2 database manager is running on a machine that is a primary or backup domain controller in the resource domain, it is able to locate any domain controller in any trusted domain. This occurs because the names of the domains of backup domain controllers in trusted domains are only known if you are a domain controller.