- DB2 Tutorial
- Home
- DB2 - Introduction
- DB2 - Server Installation
- DB2 - Instance
- DB2 - Databases
- DB2 - Bufferpools
- DB2 - Tablespaces
- DB2 - Storagegroups
- DB2 - Schemas
- DB2 - Data Types
- DB2 - Tables
- DB2 - Alias
- DB2 - Constraints
- DB2 - Indexes
- DB2 - Triggers
- DB2 - Sequences
- DB2 - Views
- DB2 with XML
- DB2 - Backup and Recovery
- DB2 - Database Security
- DB2 - Roles
- DB2 - LDAP
- DB2 Useful Resources
- DB2 - Questions and Answers
- DB2 - Quick Guide
- DB2 - Useful Resources
- DB2 - Discussion
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
DB2 - Roles
Introduction
A role is a database object that groups multiple privileges that can be assigned to users, groups, PUBLIC or other roles by using GRANT statement.
Restrictions on roles
- A role cannot own database objects.
- Permissions and roles granted to groups are not considered when you create the following database objects.
- Package Containing static SQL
- Views
- Materialized Query Tables (MQT)
- Triggers
- SQL Routines
Creating and granting membership in roles
Syntax: [To create a new role]
db2 create role <role_name>
Example: [To create a new role named ‘sales’ to add some table to be managed by some user or group]
db2 create role sales
Output:
DB20000I The SQL command completed successfully.
Granting role from DBADM to a particular table
Syntax: [To grant permission of a role to a table]
db2 grant select on table <table_name> to role <role_name>
Example: [To add permission to manage a table ‘shope.books’ to role ‘sales’]
db2 grant select on table shope.books to role sales
Output:
DB20000I The SQL command completed successfully.
Security administrator grants role to the required users. (Before you use this command, you need to create the users.)
Syntax: [To add users to a role]
db2 grant role <role_name> to user <username>
Example: [To add a user ‘mastanvali’ to a role ‘sales’]
db2 grant sales to user mastanvali
Output:
DB20000I The SQL command completed successfully.
Role hierarchies
For creating a hierarchies for roles, each role is granted permissions/ membership with another role.
Syntax: [before this syntax create a new role with name of “production”]
db2 grant role <roll_name> to role <role_name>
Example: [To provide permission of a role ‘sales’ to another role ‘production’]
db2 grant sales to role production