IBM i Modernization Engine for Lifecycle Integration

IBM i Modernization Engine for Lifecycle Integration

Connect, learn, share, and engage with IBM Power.

 View Only

  • 1.  Clarifying CREATE USER vs GRANT – Salesforce ADM-201 Exam Scenario

    Posted 3 days ago

    I recently came across a Salesforce ADM-201 Exam question on Pass4Surexams that raised an important point about database user management. The scenario asked which command a database administrator should use to allow a new retail store employee to authenticate to a database.

    At first glance, it may seem like a permissions issue. But on closer look, it's more about user creation. You can't grant access to a user who doesn't exist in the system yet. That's why the CREATE USER command makes more sense in this case. It's the command that enables authentication by creating the user account at the database level.

    The GRANT Command is essential too, but it's typically used after the user is created. It assigns specific rights or roles, which is more about authorization, not authentication.

    In IBM Db2 environments, is CREATE USER still directly used? Or is access more often handled through external systems like LDAP or enterprise IAM? I'm curious how this process is managed in modern IBM database workflows.

    This kind of question shows how subtle the line between authentication and authorization can be. And it's something I'd like to understand not just in theory but in practical IBM environments.

    If anyone has experience managing user access in IBM databases, I'd really appreciate your insights.



    ------------------------------
    Adam Carry
    ------------------------------


  • 2.  RE: Clarifying CREATE USER vs GRANT – Salesforce ADM-201 Exam Scenario

    Posted 4 hours ago

    Hello

    You posted this question in an IBM i related forum, although it is not directly about MERLIN.

    So, my reply is for "Db2 for IBM i" implementation, and I do not know the answer for other implementations on zOS and LUW.

    On IBM i, probably due to the high integration degree of the database into the operating system, there is no CREATE USER SQL statement. In order to connect to the database, an operating system user profile must exist. This one is created with CRTUSRPRF command. This can be done through IAM software or some of the other existing tools, but finally, the user profile must be created outside of a pure SQL database interface. However, one can use GRANT/REVOKE SQL statements to handle database security.

    Hope this helps!



    ------------------------------
    Marc Rauzier
    ------------------------------

    Original Message


Related Content