Appendix A. DB2 tips 499
Privileges can be held on many database objects, such as databases, schemes,
table spaces, tables, views, nicknames, servers, packages, and indexes. The
following list is a sample of some of the privileges available for certain objects:
CONNECT allows a user to access a database.
CREATEIN allows a user to create objects within a schema.
USE allows a user to create tables in a table space.
INDEX allows a user to create indexes on a table.
DELETE allows a user to delete rows from a table or view.
EXECUTE allows a user to execute a package.
CONTROL is like a master privilege on some database objects.
WITH GRANT option on GRANT allows a user to grant the privilege to others.
Users with SYSADM or DBADM authority or CONTROL privilege can explicitly
grant and revoke privileges using the GRANT and REVOKE SQL statements.
Privileges can also be granted implicitly, that is, when a user is explicitly granted
certain higher level privileges. Implicit privileges can also be granted to a user
who has the privilege to execute a package. For example, when a user executes
a package that involves other privileges, they obtain those privileges only while
executing that package. They do not necessarily require the explicit privileges to
work directly with the data objects used by the package.
Groups can be used to provide authorization for a collection of users without
having to grant or revoke privileges for each user individually. However, group
privileges cannot be used in static SQL or the creation of objects, such as
triggers and views, except for the predefined group called PUBLIC.
DB2 backup and restore
This section describes DB2 backup and restore.
Back up a DB2 database
To back up a DB2 database, do the following:
1. Stop the applications that are connected to the DB2 database.