AIX clustered server: Create DB2 for z/OS users
Create users for IBM DB2 Universal Databaseā¢ for z/OS to work with IBM WebSphere Portal. The Customization Dialog generates job EJPSRACthat we use to create users. Review the generated job and update it as appropriate for the installation requirements. If we use a security product such as Top Secret or ACF2 instead of RACF, modify the job as appropriate. After you run the job, grant the necessary access rights to all users who require them. Depending on the architecture that you choose, these users might include Java Content Repository and Feedback users.Complete the installation of DB2 for z/OS.
- Prerequisites
- AIX clustered server: Install DB2 for z/OS
- AIX clustered server: Modify DB2 for z/OS database properties
- AIX clustered server: Use JCL templates to set up DB2 for z/OS
This topic provides instructions on creating a configuration database user. To create a runtime database user, repeat the steps in this topic.
- If WebSphere Portal v8.0 and an earlier version of WebSphere Portal coexist, the database user IDs for WebSphere Portal v8.0 must be different than earlier versions to avoid conflicts during installation.
- If we are configuring multiple WebSphere Portal instances to use a single DB2 for z/OS subsystem, create a unique database user for each WebSphere Portal instance. By default all database table names include the name of the database user used to access the data. Therefore, to prevent table name conflicts, create a unique database user for each WebSphere Portal instance on the shared DB2 for z/OS subsystem.
- Take care to create users in an environment that has the same settings as the actual runtime environment.
For example, avoid creating a user in an English environment if you plan to use that user in a Turkish environment.
Use the following steps to grant access permissions to the database users. Repeat these steps for each WebSphere Portal instance we are setting up.
- Create all database user IDs in the security product we are using on z/OS. For jcrschema, the database schema name for IBM Java Content Repository data, create a group and connect it to the database user ID for Java Content Repository data, jcr. The following sample shows the RACF definition of such a user ID and group, where jcr is the database user ID for Java Content Repository data, yourDefaultUserGroup is your default RACF group for database user IDs, jcrschema is the database schema name for Java Content Repository data, and yourDefaultGroup is your default RACF group for groups. If you have some other security product such as Top Secret or ACF2 instead of RACF, translate the sample RACF definition into the appropriate syntax before running the job.
ADDUSER jcr DFLTGRP(yourDefaultUserGroup) NAME('WAS DB2 ACCESS USER') PW USER(jcr) NOINTERVAL ALU jcr PASSWORD(********) NOEXPIRED ADDGROUP jcrschema SUPGROUP(yourDefaultGroup) CONNECT jcr GROUP(jcrschema)
- Run the following SQL statements using a tool like SPUFI while logged on to the DB2 subsystem to grant appropriate rights on the newly created databases. If we are configuring multiple WebSphere Portal instances to use a single DB2 for z/OS subsystem, be sure to use the database user associated with the WebSphere Portal instance we are setting up.
(C) create/alter tablespaces (C) create/alter tables (C) create/alter indice; (C+R) read/write data (C) - at configuration time (R) - at runtime GRANT USE OF ALL BUFFERPOOLS TO releaseusr; GRANT USE OF ALL BUFFERPOOLS TO communityusr; GRANT USE OF ALL BUFFERPOOLS TO customizationusr; GRANT DBADM ON DATABASE jcrdbnameonzos TO jcr; GRANT USE OF ALL BUFFERPOOLS TO jcr; GRANT DBADM ON DATABASE fdbkdbnameonzos TO feedback; GRANT USE OF ALL BUFFERPOOLS TO feedback; GRANT DBADM ON DATABASE lmdbnameonzos TO lmdbusr; GRANT USE OF ALL BUFFERPOOLS TO lmdbusr; GRANT SELECT ON SYSIBM.SYSCOLUMNS TO releaseusr; GRANT SELECT ON SYSIBM.SYSCOLUMNS TO communityusr; GRANT SELECT ON SYSIBM.SYSCOLUMNS TO customizationusr; GRANT SELECT ON SYSIBM.SYSTABLES TO releaseusr; GRANT SELECT ON SYSIBM.SYSTABLES TO communityusr; GRANT SELECT ON SYSIBM.SYSTABLES TO customizationusr; GRANT SELECT ON SYSIBM.SYSCOLUMNS TO jcr; GRANT SELECT ON SYSIBM.SYSTABLES TO jcr; GRANT SELECT ON SYSIBM.SYSCOLUMNS TO fdbkdbusr; GRANT SELECT ON SYSIBM.SYSTABLES TO fdbkdbusr; GRANT SELECT ON SYSIBM.SYSCOLUMNS TO lmdbusr; GRANT SELECT ON SYSIBM.SYSTABLES TO lmdbusr; GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO releaseusr; GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO communityusr; GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO customizationusr; GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO jcr; GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO fdbkdbusr; GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO lmdbusr; GRANT SELECT ON SYSIBM.SYSRELS TO releaseusr; GRANT SELECT ON SYSIBM.SYSRELS TO communityusr; GRANT SELECT ON SYSIBM.SYSRELS TO customizationusr; GRANT SELECT ON SYSIBM.SYSRELS TO jcr; GRANT SELECT ON SYSIBM.SYSRELS TO fdbkdbusr; GRANT SELECT ON SYSIBM.SYSRELS TO lmdbusr; GRANT USE OF STOGROUP jcrstogroup TO jcr; GRANT CREATEIN, DROPIN ON SCHEMA jcrschema TO jcr; GRANT SELECT ON SYSIBM.SYSTABLESPACE TO jcr; GRANT SELECT ON SYSIBM.SYSVIEWS TO jcr; GRANT SELECT ON SYSIBM.SYSTRIGGERS TO jcr; GRANT SELECT ON SYSIBM.SYSINDEXPART TO jcr; GRANT SELECT ON SYSIBM.SYSINDEXES TO jcr; GRANT SELECT ON SYSIBM.SYSSYNONYMS TO jcr;where:
- releasenameonzos, communitynameonzos, customizationnameonzos, and releaseusr, communityusr, customizationusr represent the databases and database users, respectively, of the WebSphere Portal instance we are setting up. (These users must be created on the host system.)
- jcrdbnameonzos and jcr are the database and database user, respectively, for Content Repository data.
- fdbkdbnameonzos and feedback are the database and database user, respectively, for Feedback data.
- lmdbnameonzos and lmdbusr are the database and database user, respectively, for Likeminds data.
- jcrschema is the database schema name for Content Repository data.
- Grant the necessary access rights to all users who might require them. Depending on the architecture that you choose, these users might include Java Content Repository and Feedback users.
Parent: AIX clustered server: Set up a remote DB2 for z/OS
Previous: AIX clustered server: Use JCL templates to set up DB2 for z/OS
Next: AIX clustered server: Create remote DB2 for z/OS databases