When privileges are granted to a group, every user who is a member of that group receives those privileges. However, if a user is removed from a group, they lose the implicit privileges inherited from the group but retain any privileges explicitly granted to them as a user. The document also provides examples of using GRANT and REVOKE statements to manage privileges on tables and procedures for users and groups. Additionally, it notes that DB2 defines a PUBLIC group, of which all users are implicitly members and which receives certain default privileges.
If you decide to use groups instead of roles, take into consideration the following:

- When a group is granted privileges, members of the group are granted implicit privileges inherited through group memberships.
- When a user is removed from a group, they lose the implicit group privileges, but still retain any previous privileges that were explicitly granted.
- Privileges that were explicitly given to a user must be explicitly revoked from the user.

To grant the SELECT privilege on table T1 to the user USER1:

    GRANT SELECT ON TABLE T1 TO USER user1

To grant all privileges on table T1 to the group GROUP1:

    GRANT ALL ON TABLE T1 TO GROUP group1

To revoke all privileges on table T1 from group GROUP1:

    REVOKE ALL ON TABLE T1 FROM GROUP group1

To grant EXECUTE privilege on procedure p1 to user USER1:

    GRANT EXECUTE ON PROCEDURE p1 TO USER user1

To revoke EXECUTE privilege on procedure p1 from user USER1:

    REVOKE EXECUTE ON PROCEDURE p1 FROM USER user1
The PUBLIC group
DB2 defines an internal group called PUBLIC. Any user identified by the operating system or network authentication service is implicitly a member of the PUBLIC group. When a database is created, certain privileges are granted to PUBLIC automatically: CONNECT, CREATETAB, IMPLICIT_SCHEMA, BINDADD.
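
An audit for the two points above, explicit grants that outlive group membership and the defaults held by PUBLIC. This is an added example and not part of the original document. It assumes the DB2 for Linux, UNIX and Windows catalog views (SYSCAT.TABAUTH, SYSCAT.ROUTINEAUTH, SYSCAT.DBAUTH) and reuses the page's USER1 as the account under review.

```sql
-- Added example: assumes DB2 LUW catalog views; USER1 is the account
-- being reviewed (taken from the page's GRANT examples).

-- 1. Table privileges granted directly to USER1 (GRANTEETYPE = 'U').
--    These rows remain after USER1 is removed from a group.
--    Column values: 'Y' = held, 'G' = held with GRANT OPTION, 'N' = not held.
SELECT TABSCHEMA, TABNAME,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH,
       ALTERAUTH, INDEXAUTH, REFAUTH, CONTROLAUTH
FROM   SYSCAT.TABAUTH
WHERE  GRANTEETYPE = 'U'
  AND  GRANTEE = 'USER1'
ORDER  BY TABSCHEMA, TABNAME;

-- 2. EXECUTE privileges on procedures and functions granted directly to USER1.
SELECT SCHEMA, SPECIFICNAME, ROUTINETYPE, EXECUTEAUTH
FROM   SYSCAT.ROUTINEAUTH
WHERE  GRANTEETYPE = 'U'
  AND  GRANTEE = 'USER1';

-- 3. Generate the explicit REVOKE statements for review before running them.
--    REVOKE ALL does not remove CONTROL; rows with CONTROLAUTH = 'Y'
--    need a separate REVOKE CONTROL.
SELECT 'REVOKE ALL ON TABLE "' || RTRIM(TABSCHEMA) || '"."' ||
       RTRIM(TABNAME) || '" FROM USER USER1' AS REVOKE_STMT
FROM   SYSCAT.TABAUTH
WHERE  GRANTEETYPE = 'U'
  AND  GRANTEE = 'USER1';

-- 4. Database authorities currently held by PUBLIC. On a database created
--    with the defaults, the four columns below are expected to show 'Y'.
SELECT GRANTEE, CONNECTAUTH, CREATETABAUTH, IMPLSCHEMAAUTH, BINDADDAUTH
FROM   SYSCAT.DBAUTH
WHERE  GRANTEE = 'PUBLIC';

-- 5. Least-privilege step: grant the authorities to the groups that need
--    them first (GROUP1 is the page's example group), then remove the
--    defaults from PUBLIC.
GRANT  CONNECT ON DATABASE TO GROUP group1;
REVOKE CONNECT, CREATETAB, IMPLICIT_SCHEMA, BINDADD ON DATABASE FROM PUBLIC;
```

Run queries 1 and 2 whenever a user leaves a group: any row returned is a privilege the group change did not remove.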