实例用户为db2inst0,另外创建了系统用户itm6,用于监控数据库,主要监控指标包括:数据库日志空间利用情况、表空间状态、表空间使用率、数据库状态等。需要实例用户db2inst0对itm6进行赋权操作。主要赋权语句包括:
-sh-3.2$ db2 "grant connect on database to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.tbsp_utilization to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.bp_hitratio to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.log_utilization to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.snaplockwait to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.SNAPDB to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.dbcfg to user itm6"
DB20000I The SQL command completed successfully.
-sh-3.2$ db2 "grant select on table sysibmadm.snapdb_memory_pool to user itm6"
DB20000I The SQL command completed successfully.
均显示赋权成功
在赋权之后,切换到itm6账号,执行相关的采集指标语句,包括
[itm6@localhost ~]$ db2 -x "select log_utilization_percent from sysibmadm.log_utilization with ur"
SQL1092N The requested command or operation failed because the user ID does
not have the authority to perform the requested command or operation. User
ID: "ITM6".
提示用户itm6权限不足,请求或指令执行失败。
总结下来,主要问题有2个:
1未赋予connect权限之前,itm6账号就具有connect权限,可以执行connect操作
2赋权之后,仍然报无权限的错误
求助,这两个问题是什么原因导致的,应该如何解决,实现符合“最小权限原则”下的赋权。