Required Permissions
Configure system accounts with the permissions required to support connector operations.
Permissions Management
Permissions are assigned to accounts and groups as Direct Permissions during account and entitlement aggregation. The connector supports the following permissions:
-
table
-
database
-
schema, index
-
view
-
package
-
method
-
tablespace
-
function
-
procedure
Procedure to Create Service User
Based on the operating system, perform the respective procedures in the section.
For Windows Operating Systems
-
Create a Windows user and set up a password for this user.
-
Assign the DB2USERS Group to the above created user.
For Linux Operating Systems
-
Add the user to the Linux system and add it to the instance owner group. The default DB2 users group is db2iadm1
useradd -G <Instance_owner_group> <SERVICE_USER>
-
Set the password using the following command:
passwd <SERVICE_USER> -
Connect to the machine using the db2inst1 or the DB2 administrator user.
IBM DB2 Enterprise Server Permissions
For IBM DB2 Enterprise Server version 10.1 and 10.5:
The Administrator login must have the SYSADM (Authority) as the minimum privilege and must be able to perform the following operations on DB User and Roles:
-
Search
-
Create
-
Update
-
Delete
Note
To run the CREATE ROLE rolename and DROP ROLE rolename query in the following DB2 versions, the respective specified authorities are required: 10.1 and 10.5: SECADM, SYSCTRL, or SECADM authority
For IBM DB2 Enterprise Server version 11.1:
-
Connect to the database with administrator user using command:
db2 connect to <DATABASE>
-
Grant the following Privileges:
GRANT DBADM ON DATABASE TO USER <SERVICE_USER>; GRANT SECADM ON DATABASE TO USER <SERVICE_USER>; GRANT ACCESSCTRL ON DATABASE TO USER <SERVICE_USER>; GRANT DATAACCESS ON DATABASE TO USER <SERVICE_USER>;
-
Grant the following Roles:
GRANT SYSTS_ADM to <SERVICE_USER>;
-
Create the source using the Service User as the user and specify the database.