Windows clustered server: Grant privileges to DB2 database users
Configuration and runtime database users are granted a different set of privileges, depending on whether these users are schema owners or not. We can create a copy of the SQL scripts and edit this copy to manually grant permissions to configuration and runtime database users.
Required privileges of the configuration database user
When a configuration database user is a schema owner, the property...
domain.DbUser
...is assigned the same value as the property...
domain.DbSchema
...and a role is created for a configuration user in each database domain.
This role is created and assigned automatically when you run...
ConfigEngine.sh setup-database
As an alternative to creating and assigning this role automatically, we can create a copy of the SQL scripts templates located in the installation directory of IBM WebSphere Portal to use as a guide for creating executable scripts for manually granting permissions. These read-only templates should not be modified and contain invalid SQL syntax. Create our own version of these files to create runnable scripts.
Permissions granted to the schema-owning configuration database user:
Database domain Location of template Release PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\createConfigRoleForSameSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\grantRoleToConfigUser.sql
Community PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\createConfigRoleForSameSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\grantRoleToConfigUser.sql
Customization PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\createConfigRoleForSameSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\grantRoleToConfigUser.sql
JCR PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\createConfigRoleForSameSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\grantRoleToConfigUser.sql
Feedback PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\createConfigRoleForSameSchema.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\grantRoleToConfigUser.sql
Likeminds PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\createConfigRoleForSameSchema.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\grantRoleToConfigUser.sql
Non-schema-owning configuration database user:
Database domain Location of template Release PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\createConfigRoleForDifferentSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\grantRoleToConfigUser.sql
Community PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\createConfigRoleForDifferentSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\grantRoleToConfigUser.sql
Customization PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\createConfigRoleForDifferentSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\grantRoleToConfigUser.sql
JCR PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\createConfigRoleForDifferentSchema.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\grantRoleToConfigUser.sql
Feedback PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\createConfigRoleForDifferentSchema.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\grantRoleToConfigUser.sql
Likeminds PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\createConfigRoleForDifferentSchema.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\grantRoleToConfigUser.sql
Required privileges for the runtime database user
When the runtime database user is a schema owner, the property...
domain.DbUser
...is assigned the same value as the properties domain.DbRuntimeUser and domain.DbSchema. The runtime database user typically does not create tables used to query and manipulate data and does not by default have access to these tables. To grant minimum privileges to a runtime database user to work with these tables, access needs to be provided for the objects individually. A role is created for runtime database users in each database domain. These roles are created and assigned automatically when you run...
ConfigEngine.sh setup-database
before database transfer and later run grant-runtime-db-user-privileges configuration after database transfer. Before you run these configuration tasks, the runtime database user can only access the database to validate configurations. As an alternative to creating and assigning this role automatically, we can create a copy of the SQL scripts templates located in the installation directory of IBM WebSphere Portal to use as a guide for creating executable scripts for manually granting permissions. These read-only templates should not be modified and contain invalid SQL syntax. Create our own version of these files to create runnable scripts.
Refer to the following locations of the SQL script templates to learn more about the specific permissions granted to the schema-owning runtime database user:
script templates by database domain for information about specific
Database domain Location of template Release PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\createRuntimeRoleForSameSchema.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\grantRoleToRuntimeUser.sql
Community PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\createRuntimeRoleForSameSchema.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\grantRoleToRuntimeUser.sql
Customization PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\createRuntimeRoleForSameSchema.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\grantRoleToRuntimeUser.sql
JCR PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\createRuntimeRoleForSameSchema.sql
PORTAL_HOME\jcr\wp.content.repository.install\config\templates\setupdb\db2\jcr\grantPermissionsToRuntimeRoleStatic.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\grantRoleToRuntimeUser.sql
Feedback PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\createInitialRuntimeRole.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\createRuntimeRoleForSameSchema.sql
PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\grantRoleToRuntimeUser.sql
Likeminds PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\createInitialRuntimeRole.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\createRuntimeRoleForSameSchema.sql
PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\grantRoleToRuntimeUser.sql
Non-schema-owning runtime database user:
Database domain Location of template Release PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\createRuntimeRoleForDifferentSchema.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\release\grantRoleToRuntimeUser.sql
Community PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\createRuntimeRoleForDifferentSchema.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\community\grantRoleToRuntimeUser.sql
Customization PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\createRuntimeRoleForDifferentSchema.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\customization\grantRoleToRuntimeUser.sql
JCR PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\createInitialRuntimeRole.sql PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\createRuntimeRoleForDifferentSchema.sql
PORTAL_HOME\jcr\wp.content.repository.install\config\templates\setupdb\db2\jcr\grantPermissionsToRuntimeRoleStatic.sql
PORTAL_HOME\base\wp.db.impl\config\templates\setupdb\db2\jcr\grantRoleToRuntimeUser.sql
Feedback PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\createInitialRuntimeRole.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\createRuntimeRoleForDifferentSchema.sql
PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\feedback\grantRoleToRuntimeUser.sql
Likeminds PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\createInitialRuntimeRole.sql PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\createRuntimeRoleForDifferentSchema.sql
PORTAL_HOME\pzn\prereq.pzn\config\templates\setupdb\db2\likeminds\grantRoleToRuntimeUser.sql
Parent: Windows clustered server: Set up DB2 manually
Related:
Database users