Specifying the permissions required to execute file administration statements

The -gu database server option controls who can execute file administration statements. You can use this option to specify which users are able to execute certain administration tasks. See -gu server option.

There are four levels of permission for the use of file administration statements:

-gu option Effect Applies to
all Anyone can execute file administration statements Any database including utility database
none No one can execute file administration statements Any database including utility database
DBA Only users with DBA authority can execute file administration statements Any database including utility database
utility_db Only the users who can connect to the utility database can execute file administration statements Only the utility database
Examples

To prevent the use of the file administration statements, start the database server using the none permission level of the -gu option. The following command starts a database server and names it TestSrv. It loads the mytestdb.db database, but prevents anyone from using that server to create or delete a database, or execute any other file administration statement regardless of their resource creation rights, or whether they can load and connect to the utility database.

dbsrv11 -n TestSrv -gu none c:\mytestdb.db

To permit only the users knowing the utility database password to execute file administration statements, start the server by running the following command.

dbsrv11 -n TestSrv -su secret -gu utility_db

The following command starts Interactive SQL as a client application, connects to the server named TestSrv, loads the utility database, and connects the user.

dbisql -c "UID=DBA;PWD=secret;DBN=utility_db;ENG=TestSrv"

Having executed the above command successfully, the user connects to the utility database, and can execute file administration statements.