+

Search Tips   |   Advanced Search

AIX stand-alone: Create users for DB2 for z/OS


Create users for IBM DB2 Universal Databaseā„¢ for z/OS to work with IBM WebSphere Portal. The Customization Dialog generates job EJPSRACthat we use to create users. Review the generated job and update it as appropriate for the installation requirements. If we use a security product such as Top Secret or ACF2 instead of RACF, modify the job as appropriate. After you run the job, grant the necessary access rights to all users who require them. Depending on the architecture that you choose, these users might include Java Content Repository and Feedback users.

Complete the installation of DB2 for z/OS.

This topic provides instructions on creating a configuration database user. To create a runtime database user, repeat the steps in this topic.

Use the following steps to grant access permissions to the database users. Repeat these steps for each WebSphere Portal instance we are setting up.

  1. Create all database user IDs in the security product we are using on z/OS. For jcrschema, the database schema name for IBM Java Content Repository data, create a group and connect it to the database user ID for Java Content Repository data, jcr. The following sample shows the RACF definition of such a user ID and group, where jcr is the database user ID for Java Content Repository data, yourDefaultUserGroup is your default RACF group for database user IDs, jcrschema is the database schema name for Java Content Repository data, and yourDefaultGroup is your default RACF group for groups. If you have some other security product such as Top Secret or ACF2 instead of RACF, translate the sample RACF definition into the appropriate syntax before running the job.
    ADDUSER jcr DFLTGRP(yourDefaultUserGroup) NAME('WAS DB2 ACCESS USER')
    PW USER(jcr) NOINTERVAL
    ALU jcr PASSWORD(********) NOEXPIRED
    ADDGROUP jcrschema SUPGROUP(yourDefaultGroup)
    CONNECT jcr GROUP(jcrschema)
    

  2. Run the following SQL statements using a tool like SPUFI while logged on to the DB2 subsystem to grant appropriate rights on the newly created databases. If we are configuring multiple WebSphere Portal instances to use a single DB2 for z/OS subsystem, be sure to use the database user associated with the WebSphere Portal instance we are setting up.
    (C) create/alter tablespaces (C) create/alter tables
    (C) create/alter indice;
    (C+R) read/write data  (C) - at configuration time  (R) - at runtime   GRANT USE OF ALL BUFFERPOOLS TO releaseusr;
    GRANT USE OF ALL BUFFERPOOLS TO communityusr;
    GRANT USE OF ALL BUFFERPOOLS TO customizationusr;
    
    GRANT DBADM ON DATABASE jcrdbnameonzos TO jcr;
    GRANT USE OF ALL BUFFERPOOLS TO jcr;
    GRANT DBADM ON DATABASE fdbkdbnameonzos TO feedback;
    GRANT USE OF ALL BUFFERPOOLS TO feedback;
    GRANT DBADM ON DATABASE lmdbnameonzos TO lmdbusr;
    GRANT USE OF ALL BUFFERPOOLS TO lmdbusr;
    GRANT SELECT ON SYSIBM.SYSCOLUMNS TO releaseusr;
    GRANT SELECT ON SYSIBM.SYSCOLUMNS TO communityusr;
    GRANT SELECT ON SYSIBM.SYSCOLUMNS TO customizationusr;
    
    GRANT SELECT ON SYSIBM.SYSTABLES TO releaseusr;
    GRANT SELECT ON SYSIBM.SYSTABLES TO communityusr;
    GRANT SELECT ON SYSIBM.SYSTABLES TO customizationusr;
    
    GRANT SELECT ON SYSIBM.SYSCOLUMNS TO jcr;
    GRANT SELECT ON SYSIBM.SYSTABLES TO jcr;
    GRANT SELECT ON SYSIBM.SYSCOLUMNS TO fdbkdbusr;
    GRANT SELECT ON SYSIBM.SYSTABLES TO fdbkdbusr;
    GRANT SELECT ON SYSIBM.SYSCOLUMNS TO lmdbusr;
    GRANT SELECT ON SYSIBM.SYSTABLES TO lmdbusr;
    GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO releaseusr;
    GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO communityusr;
    GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO customizationusr;
    
    GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO jcr;
    GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO fdbkdbusr;
    GRANT SELECT ON SYSIBM.SYSFOREIGNKEYS TO lmdbusr;
    GRANT SELECT ON SYSIBM.SYSRELS TO releaseusr;
    GRANT SELECT ON SYSIBM.SYSRELS TO communityusr;
    GRANT SELECT ON SYSIBM.SYSRELS TO customizationusr;
    
    GRANT SELECT ON SYSIBM.SYSRELS TO jcr;
    GRANT SELECT ON SYSIBM.SYSRELS TO fdbkdbusr;
    GRANT SELECT ON SYSIBM.SYSRELS TO lmdbusr;
    GRANT USE OF STOGROUP jcrstogroup TO jcr;
    GRANT CREATEIN, DROPIN ON SCHEMA jcrschema TO jcr;
    GRANT SELECT ON SYSIBM.SYSTABLESPACE TO jcr;
    GRANT SELECT ON SYSIBM.SYSVIEWS TO jcr;
    GRANT SELECT ON SYSIBM.SYSTRIGGERS TO jcr;
    GRANT SELECT ON SYSIBM.SYSINDEXPART TO jcr;
    GRANT SELECT ON SYSIBM.SYSINDEXES TO jcr;
    GRANT SELECT ON SYSIBM.SYSSYNONYMS TO jcr;
    
    where:

    • releasenameonzos, communitynameonzos, customizationnameonzos, and releaseusr, communityusr, customizationusr represent the databases and database users, respectively, of the WebSphere Portal instance we are setting up. (These users must be created on the host system.)
    • jcrdbnameonzos and jcr are the database and database user, respectively, for Content Repository data.

    • fdbkdbnameonzos and feedback are the database and database user, respectively, for Feedback data.

    • lmdbnameonzos and lmdbusr are the database and database user, respectively, for Likeminds data.
    • jcrschema is the database schema name for Content Repository data.

  3. Grant the necessary access rights to all users who might require them. Depending on the architecture that you choose, these users might include Java Content Repository and Feedback users.


Parent: AIX stand-alone: Prepare DB2 for z/OS
Previous: AIX stand-alone: Use JCL templates to set up DB2 for z/OS
Next: AIX stand-alone: Grant privileges to DB2 for z/OS users