| View previous topic :: View next topic |
| Author |
Message |
Bithead
Advanced
Joined: 03 Jan 2003
Posts: 550
Topics: 23
Location: Michigan, USA
|
 Posted: Thu Aug 04, 2005 10:07 am Post subject: DB2 System Administrator Removal (z/OS) |
 |
|
| I have to delete a SYSADM from one of our systems. If I issue a REVOKE for SYSADM on that user, it will have an unwanted cascade effect. What is the best way of removing all user permissions from the catalog without impacting other permissions? |
|
| Back to top |
|
 |
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12372
Topics: 75
Location: San Jose
|
|
| Back to top |
|
|
Bithead
Advanced
Joined: 03 Jan 2003
Posts: 550
Topics: 23
Location: Michigan, USA
|
| Posted: Thu Aug 04, 2005 12:00 pm Post subject: |
|
|
Kolusu,
If I read this correctly, I need to make the userid an Install SysAdm (in the zparm) before I issue the REVOKE and this will pervent the cascade delete. Can you confirm this? |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12372
Topics: 75
Location: San Jose
|
| Posted: Thu Aug 04, 2005 12:13 pm Post subject: |
|
|
| Quote: |
If I read this correctly, I need to make the userid an Install SysAdm (in the zparm) before I issue the REVOKE and this will pervent the cascade delete. Can you confirm this?
|
Bithead,
Exactly right. first add to zparm then issue revoke and then re-assemble zparms once again.
Kolusu
_________________
Kolusu
www.linkedin.com/in/kolusu |
|
| Back to top |
|
|
Bithead
Advanced
Joined: 03 Jan 2003
Posts: 550
Topics: 23
Location: Michigan, USA
|
| Posted: Thu Aug 04, 2005 12:17 pm Post subject: |
|
|
| Thanks Kolusu. |
|
| Back to top |
|
|
Bithead
Advanced
Joined: 03 Jan 2003
Posts: 550
Topics: 23
Location: Michigan, USA
|
| Posted: Tue Aug 09, 2005 1:11 pm Post subject: |
|
|
Kolusu,
I added the user as Install Sysadm over the weeknd my modifying ZPARM entry for SYSADM and reassembling & linking. I ran a REVOKE SYSADM FROM user BY ALL but it is still hanging up. The DB2 monitor shows many locks on SYSPLAN and SYSPACKAGE which makes me think that the REVOKE is cascading. Any ideas? |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12372
Topics: 75
Location: San Jose
|
| Posted: Tue Aug 09, 2005 1:26 pm Post subject: |
|
|
| Quote: |
ran a REVOKE SYSADM FROM user BY ALL
|
Why do you have ALL in in your revoke statement? Since he is already a SYSADM, I dont think any one GRANTED him any Privileges any additional privileges. By coding ALL ,DB2 is looking up all the users in the system , if they have granted any authority to the old sysadm
It should be just | Code: |
REVOKE SYSADM FROM user
|
Kolusu
_________________
Kolusu
www.linkedin.com/in/kolusu |
|
| Back to top |
|
|
Bithead
Advanced
Joined: 03 Jan 2003
Posts: 550
Topics: 23
Location: Michigan, USA
|
| Posted: Wed Aug 10, 2005 10:56 am Post subject: |
|
|
Kolusu,
I tried it in another DB2 instance and it worked fine so it must be something that I did wrong. I will try again.
Thanks again for your help. |
|
| Back to top |
|
|
|
|
|
FAQ
Search
Quick Manuals
Register
Profile
Log in to check your private messages
Log in
