Sets the privilege required for executing database file administration statements such as for creating or dropping databases.
iqsrv16 -gu { all | none | DBA | utility_db } ...
-gu option | Effect | Applies to |
---|---|---|
all | This option is deprecated. Anyone can execute file administration statements. | Any database including utility database |
none | Executing file administration statements is not allowed. | Any database including utility database |
DBA | Only users with the SERVER OPERATOR system privilege can execute file administration statements | Any database including utility database |
utility_db | Only the users who can connect to the utility database can execute file administration statements | Only the utility database |
DBA
All operating systems and database servers.
Restricts the users who can execute the following database file administration statements:
ALTER DATABASE dbfile ALTER TRANSACTION LOG
CREATE DATABASE statement
CREATE DECRYPTED DATABASE statement
CREATE DECRYPTED FILE statement
CREATE ENCRYPTED DATABASE statement
CREATE ENCRYPTED FILE statement
DROP DATABASE statement
RESTORE DATABASE statement.
When utility_db is specified, these statements can only be run from the utility database. When DBA is specified, these statements can only be run by a user with the SERVER OPERATOR system privilege. When none is specified, no user can execute these statements.
To prevent the use of the file administration statements, start the database server using the none privilege level of the -gu option. The following command starts a database server and names it TestSrv. It loads the mytestdb.db database, but prevents anyone from using that server to create or delete a database, or execute any other file administration statement regardless of their resource creation rights, or whether they can load and connect to the utility database.
iqsrv16 -n TestSrv -gu none c:\mytestdb.db
To permit only the users knowing the utility database password to execute file administration statements, start the server by running the following command.
iqsrv16 -n TestSrv -su secret -gu utility_db
The following command starts Interactive SQL as a client application, connects to the server named TestSrv, loads the utility database, and connects the user.
dbisql -c "UID=DBA;PWD=secret;DBN=utility_db;Host=host1;Server=TestSrv"
Having executed the above command successfully, the user connects to the utility database, and can execute file administration statements.