Required Permissions
Procedure to Create Service User
Based on the operating system, perform the respective procedure in this section.
- Create a Windows user and set up a password for this user.
- Assign the DB2USERS Group to the above created user.
- Add the user to the Linux system and add it to the instance owner group. The default DB2 users group is db2iadm1.
  useradd -G <Instance_owner_group> <SERVICE_USER>
- Set the password using the following command:
  passwd <SERVICE_USER>
- Connect to the machine using the db2inst1 or the DB2 administrator user.
IBM DB2 Enterprise Server Permissions
For IBM DB2 Enterprise Server version 10.1 and 10.5:
The Administrator login must have the SYSADM (Authority) as the minimum privilege and must be able to perform the following operations on DB User and Roles:
- Search
- Create
- Update
- Delete
Note
To run the CREATE ROLE rolename and DROP ROLE rolename queries in the following DB2 versions, the specified authorities are required: 10.1 and 10.5: SECADM, SYSCTRL, or SECADM authority
For IBM DB2 Enterprise Server version 11.1:
- Connect to the database as the administrator user using the command:
  db2 connect to <DATABASE>
- Grant the following Privileges:
  GRANT DBADM ON DATABASE TO USER <SERVICE_USER>;
  GRANT SECADM ON DATABASE TO USER <SERVICE_USER>;
  GRANT ACCESSCTRL ON DATABASE TO USER <SERVICE_USER>;
  GRANT DATAACCESS ON DATABASE TO USER <SERVICE_USER>;
- Grant the following Roles:
  GRANT SYSTS_ADM to <SERVICE_USER>;
- Create the source using the Service User as the user and specify the database.
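A check an administrator can run after the 11.1 grants above, added here as an example and not taken from the vendor documentation: the function reads the four Y/N authority flags from the service user's SYSCAT.DBAUTH row and names any that are missing. The query shown in the comment and the sample rows are assumptions constructed for illustration; the SYSTS_ADM role is recorded separately in SYSCAT.ROLEAUTH and is not covered here.

```shell
#!/bin/sh
# Added example (not vendor code): report which of the four database
# authorities from the GRANT step the service user actually holds.
#
# Assumed way to obtain a row on a live system (GRANTEE is stored in upper case):
#   db2 connect to <DATABASE>
#   db2 -x "SELECT DBADMAUTH, SECURITYADMAUTH, ACCESSCTRLAUTH, DATAACCESSAUTH
#           FROM SYSCAT.DBAUTH
#           WHERE GRANTEE = '<SERVICE_USER>' AND GRANTEETYPE = 'U'"
# Each column is Y (authority held) or N (not held).

# missing_dbauth ROW
#   Prints the authorities that are not held, space separated.
#   Returns 0 when all four are held, 1 when some are missing,
#   2 when ROW is not four Y/N flags (for example: no row for the user).
missing_dbauth() {
    # Split the row on whitespace into $1..$4, with globbing disabled.
    set -f
    # shellcheck disable=SC2086
    set -- $1
    set +f
    [ "$#" -eq 4 ] || return 2
    missing=""
    for auth in DBADM SECADM ACCESSCTRL DATAACCESS; do
        case "$1" in
            Y) ;;
            N) missing="${missing:+$missing }$auth" ;;
            *) return 2 ;;
        esac
        shift
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample rows, shaped like the output of the query above.
for row in "Y Y Y Y" "Y N Y N" ""; do
    if out=$(missing_dbauth "$row"); then
        echo "[$row] all four authorities held"
    else
        case $? in
            1) echo "[$row] missing: $out" ;;
            *) echo "[$row] no usable SYSCAT.DBAUTH row for this user" ;;
        esac
    fi
done
```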