Details
The sysadm_group parameter defines the system administrator group with SYSADM authority for the DB2 instance. Accounts with this authority possess the highest level of authority within the database manager (i.e., stopping/starting services, backup/recovery, and maintenance) and control all database objects (i.e., data, system objects, and privileges). It is recommended that the sysadm_group group contains authorized users only.
If an account that possesses this authority is compromised or used in a malicious manner, the confidentiality, integrity, and availability of data in the DB2 instance will be at increased risk.
Solution
Define a valid group name for the SYSADM group.
1. Attach to the DB2 database.
db2 => attach to $DB2INSTANCE
2. Run the following command from the DB2 command window:
db2 => update database manager configuration using sysadm_group
Default Value:
The default value for SYSADM_GROUP is NULL.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.