Insight and perspectives

db2audit is a tool available on DB2 that generates logging for some security events on the database, for example check authorization, security management, users validation, modifications in database objects. Here are some basic commands for db2audit: db2audit start -> to start db2audit db2audit stop -> to stop db2audit db2audit describe -> to check db2audit status db2audit describe DB2 AUDIT SETTINGS: Audit active: "TRUE " Log audit events: "FAILURE" Log checking events: "FAILURE" Log object maintenance events: "FAILURE" Log security maintenance events: "FAILURE" Log system administrator events: "FAILURE" Log validate events: "FAILURE" Log context events: "NONE" Return SQLCA on audit error: "FALSE " Audit Data Path: "" Audit Archive Path: "" AUD0000I  Operation succeeded

The below command will drop all tables under the schema .   db2 -x "select 'drop table '||rtrim(tabschema)||'.'||rtrim(tabname) from syscat.tables where tabschema = 'abc"

The db2move can help us in several situations, such as: 1.Move data between tables 2.Move data between schema 3.Move data between tablespaces   Let's work with examples: Databases Name: DB1 DB2   Example 1 - Move all tables in schema1 from DB1 to database DB2 db2move DB1 export -aw -l lobs -sn schema1 db2move DB2 import -io replace_create -l lobs Example 2 - Move all data from tableA and tableB in schema1 from DB1 to database DB2 db2move DB1 export -aw -l lobs -tn schema1.tableA,schema1.tableB db2move DB2 load -lo replace -l lobs Don't forget to set integrity for tables in pending status after the load. Example 3 -Move all data from tablespaceA in schema1 from DB1 to database DB2 db2move DB1 export -aw -l lobs -ts tablespaceA db2move DB2 import -io replace_create -l lobs  

When you create a DB2 instance in Unix, you have the option of specifying a fenced user-id different than instance owner. The purpose of fenced user id is to protect DB2 from untested or malicious code from the external stored procedures, user defined functions etc. When you try to run these external procedures, they run in a separate address space owned by the fenced user id.   You know about the fenced user id if you created a DB2 instance yourself on your Unix platform. But suppose, you are looking at a DB2 instance created by someone and you are wondering as which is the fenced user id, you can look at the user and group id of the file .fenced in ~/sqllib/ctrl directory and this will tell you as which is the fenced user id. For Eg:/home/db2inst1/sqllib/ctrl/.fencedID It will display the fenced user id for the instance db2inst1   Another method to find the fenced user id is   db2pd -fmp  

You have to connect to a database. After to connect on database perform the following command. db2 list tables for schema syscat | grep -i auth Few of the authorities, privileges and permissions are listed below. System_Catalog DESC SYSCAT.DBAUTH List the Database privileges SYSCAT.TABAUTH List the Table Privileges SYSCAT.COLAUTH Lists the column privileges SYSCAT.PACKAGEAUTH Lists the package privileges SYSCAT.INDEXAUTH  Lists the index privileges SYSCAT.SCHEMAAUTH Lists the schema privileges SYSCAT.PASSTHRUAUTH  Lists the server privileges SYSCAT.ROUTINEAUTH Lists the routine (functions,Methods,SP's) Privileges SYSCAT.ROLEAUTH Lists the role Privileges To search authorities , privileges and permissions on database db2 "describe table SYSCAT.DBAUTH" The output is fo...