AIX clustered server: Grant privileges to DB2 for z/OS database administration users

Configuration and runtime database users are granted a different set of privileges, depending on whether these users are schema owners or not. You can create a copy of the SQL scripts and edit this copy to manually grant permissions to configuration and runtime database users.


Prerequisites


AIX clustered server: Install DB2 for z/OS
AIX clustered server: Use JCL templates to set up DB2 for z/OS
AIX clustered server: Create DB2 for z/OS users
AIX clustered server: Create remote DB2 for z/OS databases


Required privileges of the configuration database user

When a configuration database user is a schema owner, the domain.DbUser property is assigned the same value as the domain.DbSchema property, and a role is created for the configuration user in each database domain. This role is created and assigned automatically when you run the setup-database configuration task. As an alternative to creating and assigning this role automatically, you can copy the SQL script templates located in the installation directory of WebSphere Portal and use the copies as a guide for creating executable scripts that grant the permissions manually. These read-only templates should not be modified and contain invalid SQL syntax. To grant privileges manually, create your own versions of these files and turn them into runnable scripts.

Refer to the following locations of the SQL script templates to learn more about the specific permissions granted to the schema-owning configuration database user:

Table 1. Location of SQL script templates by database domain for information about specific permissions granted to schema-owning configuration database users

    Database domain   Location of template
    Release           $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/release/createConfigRoleForSameSchema.sql
    Community         $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/community/createConfigRoleForSameSchema.sql
    Customization     $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/customization/createConfigRoleForSameSchema.sql
    JCR               $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/jcr/createConfigRoleForSameSchema.sql
    Feedback          $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/feedback/createConfigRoleForSameSchema.sql
    Likeminds         $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/likeminds/createConfigRoleForSameSchema.sql

Refer to the following locations of the SQL script templates for the non-schema-owning configuration database user:

Table 2. Location of SQL script templates by database domain for information about specific permissions granted to non-schema-owning configuration database users

    Database domain   Location of template
    Release           $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/release/createConfigRoleForDifferentSchema.sql
    Community         $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/community/createConfigRoleForDifferentSchema.sql
    Customization     $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/customization/createConfigRoleForDifferentSchema.sql
    JCR               $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/jcr/createConfigRoleForDifferentSchema.sql
    Feedback          $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/feedback/createConfigRoleForDifferentSchema.sql
    Likeminds         $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/likeminds/createConfigRoleForDifferentSchema.sql


Required privileges for the runtime database user

When the runtime database user is a schema owner, the domain.DbUser property is assigned the same value as the properties domain.DbRuntimeUser and domain.DbSchema. The runtime database user typically does not create the tables used to query and manipulate data, and by default does not have access to these tables. To grant a runtime database user the minimum privileges needed to work with these tables, access must be provided for each object individually. A role is created for runtime database users in each database domain. These roles are created and assigned automatically when you run the setup-database configuration task before database transfer and later run the grant-runtime-db-user-privileges configuration task after database transfer. Before you run these configuration tasks, the runtime database user can only access the database to validate configurations. As an alternative to creating and assigning this role automatically, you can copy the SQL script templates located in the installation directory of IBM WebSphere Portal and use the copies as a guide for creating executable scripts that grant the permissions manually. These read-only templates should not be modified and contain invalid SQL syntax. To grant privileges manually, create your own versions of these files and turn them into runnable scripts.

Refer to the following locations of the SQL script templates to learn more about the specific permissions granted to the schema-owning runtime database user:

Table 3. Location of SQL script templates by database domain for information about specific permissions granted to schema-owning runtime database users

    Database domain   Location of template
    Release           $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/release/createRuntimeRoleForSameSchema.sql
    Community         $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/community/createRuntimeRoleForSameSchema.sql
    Customization     $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/customization/createRuntimeRoleForSameSchema.sql
    JCR               $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/jcr/createRuntimeRoleForSameSchema.sql
    Feedback          $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/feedback/createRuntimeRoleForSameSchema.sql
    Likeminds         $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/likeminds/createRuntimeRoleForSameSchema.sql

Refer to the following locations of the SQL script templates to learn more about the specific permissions granted to the non-schema-owning runtime database user:

Table 4. Location of SQL script templates by database domain for information about specific permissions granted to non-schema-owning runtime database users

    Database domain   Location of template
    Release           $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/release/createRuntimeRoleForDifferentSchema.sql
    Community         $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/community/createRuntimeRoleForDifferentSchema.sql
    Customization     $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/customization/createRuntimeRoleForDifferentSchema.sql
    JCR               $PORTAL_HOME/base/wp.db.impl/config/templates/setupdb/db2_zos/jcr/createRuntimeRoleForDifferentSchema.sql
    Feedback          $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/feedback/createRuntimeRoleForDifferentSchema.sql
    Likeminds         $PORTAL_HOME/pzn/prereq.pzn/config/templates/setupdb/db2_zos/likeminds/createRuntimeRoleForDifferentSchema.sql
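
The copy step described for both the configuration and the runtime user can be scripted as follows. This is an added example, not code from the product or its documentation: the function names and the `<domain>-<template>.sql` naming of the copies are assumptions, PORTAL_HOME must point at the installation directory, and the copies still have to be edited by hand because the templates contain invalid SQL syntax.

```shell
#!/bin/sh
# Added example (not IBM's code): copy the role templates from Tables 1-4
# into a working directory without touching the read-only originals.
# Function names and the <domain>-<template>.sql naming are assumptions.

# template_path USER_KIND SCHEMA_KIND DOMAIN
#   USER_KIND:   Config | Runtime
#   SCHEMA_KIND: Same (schema-owning) | Different (non-schema-owning)
template_path() {
    case "$1" in Config|Runtime) ;; *) return 1 ;; esac
    case "$2" in Same|Different) ;; *) return 1 ;; esac
    case "$3" in
        release|community|customization|jcr) base="base/wp.db.impl" ;;
        feedback|likeminds)                  base="pzn/prereq.pzn" ;;
        *) return 1 ;;
    esac
    printf '%s/%s/config/templates/setupdb/db2_zos/%s/create%sRoleFor%sSchema.sql\n' \
        "$PORTAL_HOME" "$base" "$3" "$1" "$2"
}

# copy_templates USER_KIND SCHEMA_KIND DEST_DIR
# Copies the six domain templates; an existing (possibly edited) copy is kept.
copy_templates() {
    [ -n "${PORTAL_HOME:-}" ] || { echo "PORTAL_HOME is not set" >&2; return 1; }
    mkdir -p "$3" || return 1
    for domain in release community customization jcr feedback likeminds; do
        src=$(template_path "$1" "$2" "$domain") || return 1
        [ -r "$src" ] || { echo "missing template: $src" >&2; return 1; }
        dst="$3/$domain-$(basename "$src")"
        if [ -e "$dst" ]; then
            echo "keeping existing copy: $dst" >&2
            continue
        fi
        # The copy inherits the template's read-only mode; make it editable.
        cp "$src" "$dst" || return 1
        chmod u+w "$dst" || return 1
    done
}

# Usage: sh copy_templates.sh Runtime Different ./grants
if [ "$#" -eq 3 ]; then
    copy_templates "$1" "$2" "$3"
fi
```

Because an existing copy is never overwritten, rerunning the script after editing the grant scripts does not discard the edits.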


Parent

AIX clustered server: Set up a remote DB2 for z/OS


Previous

AIX clustered server: Create remote DB2 for z/OS databases


Next topic

AIX clustered server: Create the Java Content Repository database

January 5, 2012

2011/12/15 documentation refresh

