When you create a DB2 instance in Unix, you have the option of specifying a fenced user-id different than instance owner. The purpose of fenced user id is to protect DB2 from untested or malicious code from the external stored procedures, user defined functions etc. When you try to run these external procedures, they run in a separate address space owned by the fenced user id.

You know about the fenced user id if you created a DB2 instance yourself on your Unix platform. But suppose, you are looking at a DB2 instance created by someone and you are wondering as which is the fenced user id, you can look at the user and group id of the file .fenced in ~/sqllib/adm directory and this will tell you as which is the fenced user id.

$ ls -l ~/sqllib/adm/.fenced
-r--r--r-- 1 vikram vikram 0 Feb 13 19:02 /home/vikram/sqllib/adm/.fenced

In the above example, the instance id is also the fenced user id.

The other way to determine the fenced user id is to run the db2pd program and look for fenced token.

The following command will work both on Windows and Unix.

C:\>db2pd -fmp | grep -i fenced
Trusted Path:    C:\PROGRA~1\IBM\SQLLIB\\function\unfenced
Fenced User:     DB2

$ db2pd -fmp | grep -i fenced
Trusted Path:    /home/vikram/sqllib/function/unfenced
Fenced User:     vikram

The concept of fenced user-id is really for the Unix platforms and for Windows, the fenced user id is same as that of db2 instance owner. The output of db2pd -fmp for Windows shows the name of the instance as fenced user id.