Tuesday, November 11, 2008

How to Revoke SYSADM previlege without cascading effect

Installation system admin have given SYSADM authority to a userid (USR10). Through that userid, the user created many objects, had bind many packages and given many privileges.
Now when
Installation system admin tried to revoke the SYSADM auth from that user, the mainframe screen seems to be hanged and locked for hours. Even the subsystem might be crashed.

How to Approach this problem..

We made the Userid(USR10) as Installation SYSADM id through one job which make the change in Z-Parm of DB2 subsystem.
Here is the member:
D710.DSN4.SDSNSAMP(DSNTIJUZ) -- second qualifier is the subsystem name.
and parameters are
SYSADM=USR10, -- put userid over here from which you want to revoke the SYSADM auth.

you need to stop/start the subsystem to make it effect. After that Shoot the REVOKE statement. This will be executed in a second. After this do not forgot to change the SYSADM to it's initial value.

Catch is When you revoke SYSADM from a installation sysadm, you won't have cascading effect.

IBM Certified DB2 DBA

No comments: