IBM Support

Grant DB2 SECADM to userid from an existing LocalSystem (Windows) SECADM account

Question & Answer


How to grant SECADM to a userid if a LocalSystem account (Windows) currently holds DB2 SECADM authority?


In DB2 V9.7, Security administrator (SECADM) abilities have been extended. Only SECADM authority provides the ability to grant and revoke all authorities and privileges to other users.


For Windows XP/2003:

  • Start a command prompt (cmd.exe) window as LocalSystem by issuing 'at' command with a future time (say 1 min later)

    For example: C:\Documents and Settings\ at 16:35 /interactive cmd.exe
    Assuming current time as 16:34
  • In a new cmd.exe window, issue db2cmd
    Launches DB2 Command Window
  • Connect to DB2 database: db2 connect to <dbanme>
    It shows the auth id as SYSTEM (alternatively you can run whoami to verify)
  • Grant SECADM to a specific user:
    db2 GRANT SECADM on <dbname> to USER <user>

On Windows Kernel 6 or greater OS (Windows 7/2008 or similar), the interactive mode command fails with an error similar to this >at 16:38 /interactive cmd.exe

Warning: Due to security enhancements, this task will run at the time expected but not interactively.
Use schtasks.exe utility if interactive task is required ('schtasks /?' for details).
Added a new job with job ID = 1

In order to workaround this issue on Windows Kernel 6 or greater (includes Windows 7/2008/2008 R2 or similar), please follow the below procedure:

  • Download and install Windows utility called psexec.exe:
  • Open cmd.exe
  • Navigate to the location of psexec and ran the below command:
    PSEXEC -i -s -d db2cmd.exe
    You are now logged in as SYSTEM
  • Navigate to the location of db2cmd.exe.
  • Connect to DB2 database:
    db2 connect to dbname
  • Grant SECADM to a specific user:
    db2 GRANT SECADM on <dbname> to USER <user>

[{"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Business Unit":{"code":"BU001","label":"Analytics Private Cloud"},"Component":"Database Objects\/Config - Authorization\/Privilege","Platform":[{"code":"PF033","label":"Windows"}],"Version":"9.7;10.1;10.5","Edition":"Advanced Enterprise Server;Advanced Workgroup Server;Enterprise Server;Express;Personal;Workgroup Server"}]

Document Information

Modified date:
16 June 2018