Access to DB2 Universal Database

[ Team LiB ]

Access to DB2 Universal Database DB2 uses external facilities to provide a set of user and group validation and management functions. Users must log on through the external facilities by providing a username and a password. The security facilities validate the username and password provided to ensure that access for this user is allowed. You need to have a Windows username that will be used to administer DB2. The username must belong to the Administrators group and be a valid DB2 username. In many cases, DB2 creates a username during installation called db2admin that can be used for administering DB2 and setting up the security for the users on your system. After successful authentication, access to objects within a DB2 instance is controlled by granting authorities or privileges to users or groups. Authorities are granted to users to perform administrative tasks on DB2 objects such as loading or backing up data. Privileges are granted to users to access or update data. See Figure 7.2 for the possible DB2 authorities and privileges allowed. Figure 7.2. Hierarchy of authorities and privileges. Note By default, System Administration (SYSADM) privileges are granted to any valid DB2 username that belongs to the Administrators group on Windows. You can change the users who have administrator privileges for each DB2 instance by changing the SYSADM_GROUP parameter. Before you do, however, you need to ensure that the group exists. To check whether this group exists, use the Windows User Manager administrative tool (choose Start | Programs | Administrative Tools | User Manager). If the group exists, it's listed in the lower section of the User Manager window. To use another group as the System Administrative group (SYSADM_GROUP), update the Database Manager Configuration file. To change SYSADM_GROUP on the server instance, follow these steps: In the Control Center, click the + sign beside the Systems icon to list all the systems known to your workstation, and then click the + sign for the system containing the instance you want to update. Right-click the instance that you want to change�for example, DB2�and select Configure Parameters from the pop-up menu. The DBM Configuration dialog box opens. The Administration section shows the configuration parameters associated with administration. In the System Administration Authority Group text box, type the name of an existing group to which you want to assign this privilege. The Change DBM Configuration Parameter dialog box appears as you begin to type (see Figure 7.3). Figure 7.3. DBM Configuration � SYSADM_GROUP options. Click OK. Stop all applications that are using DB2, including the Control Center. When the application or the Control Center is restarted, the new value for SYSADM_GROUP is used. You can use these same steps to change the SYSCTRL_GROUP and SYSMAINT_GROUP parameters.

[ Team LiB ]