View previous topic :: View next topic |
Author |
Message |
Bithead Advanced
Joined: 03 Jan 2003 Posts: 550 Topics: 23 Location: Michigan, USA
|
Posted: Thu Aug 04, 2005 10:07 am Post subject: DB2 System Administrator Removal (z/OS) |
|
|
I have to delete a SYSADM from one of our systems. If I issue a REVOKE for SYSADM on that user, it will have an unwanted cascade effect. What is the best way of removing all user permissions from the catalog without impacting other permissions? |
|
Back to top |
|
|
kolusu Site Admin
Joined: 26 Nov 2002 Posts: 12372 Topics: 75 Location: San Jose
|
|
Back to top |
|
|
Bithead Advanced
Joined: 03 Jan 2003 Posts: 550 Topics: 23 Location: Michigan, USA
|
Posted: Thu Aug 04, 2005 12:00 pm Post subject: |
|
|
Kolusu,
If I read this correctly, I need to make the userid an Install SysAdm (in the zparm) before I issue the REVOKE and this will pervent the cascade delete. Can you confirm this? |
|
Back to top |
|
|
kolusu Site Admin
Joined: 26 Nov 2002 Posts: 12372 Topics: 75 Location: San Jose
|
Posted: Thu Aug 04, 2005 12:13 pm Post subject: |
|
|
Quote: |
If I read this correctly, I need to make the userid an Install SysAdm (in the zparm) before I issue the REVOKE and this will pervent the cascade delete. Can you confirm this?
|
Bithead,
Exactly right. first add to zparm then issue revoke and then re-assemble zparms once again.
Kolusu _________________ Kolusu
www.linkedin.com/in/kolusu |
|
Back to top |
|
|
Bithead Advanced
Joined: 03 Jan 2003 Posts: 550 Topics: 23 Location: Michigan, USA
|
Posted: Thu Aug 04, 2005 12:17 pm Post subject: |
|
|
Thanks Kolusu. |
|
Back to top |
|
|
Bithead Advanced
Joined: 03 Jan 2003 Posts: 550 Topics: 23 Location: Michigan, USA
|
Posted: Tue Aug 09, 2005 1:11 pm Post subject: |
|
|
Kolusu,
I added the user as Install Sysadm over the weeknd my modifying ZPARM entry for SYSADM and reassembling & linking. I ran a REVOKE SYSADM FROM user BY ALL but it is still hanging up. The DB2 monitor shows many locks on SYSPLAN and SYSPACKAGE which makes me think that the REVOKE is cascading. Any ideas? |
|
Back to top |
|
|
kolusu Site Admin
Joined: 26 Nov 2002 Posts: 12372 Topics: 75 Location: San Jose
|
Posted: Tue Aug 09, 2005 1:26 pm Post subject: |
|
|
Quote: |
ran a REVOKE SYSADM FROM user BY ALL
|
Why do you have ALL in in your revoke statement? Since he is already a SYSADM, I dont think any one GRANTED him any Privileges any additional privileges. By coding ALL ,DB2 is looking up all the users in the system , if they have granted any authority to the old sysadm
It should be just Code: |
REVOKE SYSADM FROM user
|
Kolusu _________________ Kolusu
www.linkedin.com/in/kolusu |
|
Back to top |
|
|
Bithead Advanced
Joined: 03 Jan 2003 Posts: 550 Topics: 23 Location: Michigan, USA
|
Posted: Wed Aug 10, 2005 10:56 am Post subject: |
|
|
Kolusu,
I tried it in another DB2 instance and it worked fine so it must be something that I did wrong. I will try again.
Thanks again for your help. |
|
Back to top |
|
|
|
|