8.2 Review Role Members

Information

Granting specific privileges to roles, then assigning users to those roles, is usually considered the best way to grant application access. Because granting privileges to individual users can be more difficult to track and maintain against unauthorized access, users should be assigned to organization-defined database roles according to the needs of the business. As users leave the organization or change responsibilities within it, the roles appropriate for them change as well, so role membership needs to be reviewed and verified periodically.

Solution

To remove a role member from a particular role:
1. Attach to a DB2 instance:
db2 => attach to $DB2INSTANCE
2. Connect to the DB2 database:
db2 => connect to $DBNAME
3. Run the following:
db2 => revoke role <role name> from <role member>
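
Before revoking, the current members of each role have to be listed so they can be checked against what the business expects. The query below is an added example, not part of the benchmark text: it reads the SYSCAT.ROLEAUTH catalog view and expands roles granted to other roles, so members who hold a role only through nesting also appear. The nesting limit of 10 is an assumption.

```sql
-- Added example: direct and inherited role members for periodic review.
-- SYSCAT.ROLEAUTH has one row per role grant; GRANTEETYPE is
-- 'U' (user), 'G' (group) or 'R' (role).
WITH members (rolename, grantee, granteetype, via_role, admin, depth) AS (
    -- Direct grants of each role
    SELECT ROLENAME, GRANTEE, GRANTEETYPE, ROLENAME, ADMIN, 1
    FROM SYSCAT.ROLEAUTH
    UNION ALL
    -- When the grantee is itself a role, its members inherit the outer role
    SELECT m.rolename, r.GRANTEE, r.GRANTEETYPE, r.ROLENAME, r.ADMIN,
           m.depth + 1
    FROM members m, SYSCAT.ROLEAUTH r
    WHERE m.granteetype = 'R'
      AND r.ROLENAME = m.grantee
      AND m.depth < 10              -- assumed nesting limit
)
SELECT rolename,
       grantee,
       CASE granteetype
            WHEN 'U' THEN 'user'
            WHEN 'G' THEN 'group'
            WHEN 'R' THEN 'role'
            ELSE granteetype
       END AS member_type,
       CASE WHEN depth = 1 THEN 'direct'
            ELSE 'via ' || via_role
       END AS granted_how,
       -- WITH ADMIN OPTION flag, shown for direct grants only
       CASE WHEN depth = 1 THEN admin END AS direct_admin
FROM members
ORDER BY rolename, depth, grantee;
```

Save the statement to a file and run it with `db2 -tvf <file>` after connecting to the database. A member listed as inherited has to be revoked from the intermediate role shown in `granted_how`, not from the outer role.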

See Also

https://workbench.cisecurity.org/files/162