7.6 Secure the database administration role

Information

The DBADM (database administration) role grants a user the authority to perform administrative tasks on a specific database. It is recommended that the DBADM role be granted to authorized users only.

If an account that possesses this authority is compromised or used in a malicious manner, the confidentiality, integrity, and availability of data in the database will be at increased risk.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Revoke this permission from any unauthorized users.
1. Connect to the DB2 database.
db2 => connect to $DB2INSTANCE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window:
db2 => REVOKE DBADM ON DATABASE FROM USER <username>
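
To work out which grantees step 2 applies to, this added example (not part of the benchmark or the audit file) reads the DBADM holders recorded in SYSCAT.DBAUTH and prints a REVOKE statement for each one that is not on an approved list. The function names, the allowlist and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the list of DBADM holders into REVOKE statements for review.
# Input (stdin): one "GRANTEE GRANTEETYPE" pair per line, for instance from
#   db2 -x "SELECT GRANTEE, GRANTEETYPE FROM SYSCAT.DBAUTH WHERE DBADMAUTH = 'Y'"
# Arguments: the grantees approved to hold DBADM (an allowlist you maintain).

dbadm_revokes() {
    # Allowlist entries are upper-cased because ordinary authorization IDs are
    # stored in upper case; catalog names are compared exactly as returned.
    approved=" $(printf '%s ' "$@" | tr '[:lower:]' '[:upper:]')"
    while read -r grantee gtype rest; do
        [ -n "$grantee" ] || continue          # skip blank lines
        case "$approved" in
            *" $grantee "*) continue ;;        # approved holder, leave alone
        esac
        if [ "$grantee" = "PUBLIC" ]; then
            # PUBLIC takes no USER/GROUP/ROLE keyword in REVOKE
            echo "REVOKE DBADM ON DATABASE FROM PUBLIC"
            continue
        fi
        case "$gtype" in
            U) kind=USER ;;
            G) kind=GROUP ;;
            R) kind=ROLE ;;
            *) echo "-- skipped $grantee: unknown GRANTEETYPE '$gtype'"
               continue ;;
        esac
        echo "REVOKE DBADM ON DATABASE FROM $kind $grantee"
    done
}

# Constructed sample rows standing in for the catalog query output.
sample_dbadm_holders() {
    cat <<'EOF'
DB2INST1 U
DBA_TEAM R
APPUSER U
CONTRACTORS G
PUBLIC G
EOF
}

# Approved holders here are hypothetical: the instance owner and a DBA role.
sample_dbadm_holders | dbadm_revokes DB2INST1 dba_team
```

Review the generated statements before running them; authority held indirectly through a group or role has to be revoked from that group or role, not from the individual user.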

See Also

https://workbench.cisecurity.org/files/1654