These queries help retrieve the users in a DB2 database and the permissions assigned to them. They only read data and will not modify or create data in the database.
Running both commands will show database configuration information, including security settings and the names of the server groups granted SYSADM, SYSCTRL, SYSMAINT, and SYSMON.
GET DATABASE CONFIGURATION
GET DATABASE MANAGER CONFIGURATION
This will return the version of the DB2 database.
db2level
This will return all users contained in each system group.
cat /etc/group > group.txt
This will return all user accounts.
cat /etc/passwd > accounts.txt
This will return the authorization ID of the instance owner.
db2 "values SYSPROC.AUTH_GET_INSTANCE_AUTHID()"
This will return a list of all users, roles and groups that exist in the database catalog.
SELECT *
FROM SYSIBMADM.AUTHORIZATIONIDS
This will show all privileges granted to users, groups, and roles of the database.
SELECT *
FROM SYSIBMADM.PRIVILEGES
This will show the roles granted to users, groups, or roles.
SELECT *
FROM SYSCAT.ROLEAUTH
This will show all users granted various administrator-type authorities.
SELECT DISTINCT GRANTEE, GRANTEETYPE, DBADMAUTH,
SECURITYADMAUTH, ACCESSCTRLAUTH
FROM SYSCAT.DBAUTH
WHERE DBADMAUTH = 'Y' OR
SECURITYADMAUTH = 'Y' OR
ACCESSCTRLAUTH = 'Y'