Required Permissions
Procedure to Create Service User
Perform the procedure below that corresponds to your operating system.

- Create a Windows user and set up a password for this user.
- Assign the DB2USERS group to the user created above.

- Add the user to the Linux system and add it to the instance owner group. The default DB2 users group is db2iadm1.
      useradd -G <Instance_owner_group> <SERVICE_USER>
  For example:
      useradd -G db2iadm1 serviceuser
- Set the password using the following command:
      passwd <SERVICE_USER>
- Connect to the machine using the db2inst1 or the DB2 administrator user.
- Based on the IBM DB2 Enterprise Server version, assign the respective permissions:
  (For IBM DB2 Enterprise Server version 11.1) Connect to the database as the administrator user using the following command:
      connect to <DATABASE>
  Grant privileges:
      GRANT DBADM ON DATABASE TO USER <SERVICE_USER>;
      GRANT SECADM ON DATABASE TO USER <SERVICE_USER>;
      GRANT ACCESSCTRL ON DATABASE TO USER <SERVICE_USER>;
      GRANT DATAACCESS ON DATABASE TO USER <SERVICE_USER>;
  - On IdentityIQ, create the application with the Service User as the User and with the name of the database specified.
  (For IBM DB2 Enterprise Server version 10.5) The Administrator login must have SYSADM authority as the minimum privilege and must be able to perform the following operations on Database User and Roles:
  - Search
  - Create
  - Update
  - Delete
Note
To run the CREATE ROLE rolename and DROP ROLE rolename queries in the following DB2 versions, the respective specified authorities are required:
- 10.5: SECADM, SYSCTRL, or SECADM authority
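
For the version 11.1 grants above, the following added example (not part of the original page and not vendor code) queries SYSCAT.DBAUTH to confirm which of the four authorities the service user holds through direct grants. The function names and the sample row are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Function names are hypothetical;
# <DATABASE> is the page's placeholder and "serviceuser" its example user.

# Build the catalog query for one authorization ID. DB2 stores unquoted IDs
# in upper case. Assumption: the name uses only A-Z, 0-9 and "_" (stricter
# than DB2 itself), so nothing else can end up inside the SQL text.
build_dbauth_query() {
    local user
    user=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    case "$user" in
        ''|*[!A-Z0-9_]*) echo "invalid authorization ID" >&2; return 1 ;;
    esac
    # One row per grantor may exist; MAX() folds them ('Y' sorts above 'N').
    # Only direct grants to the user are covered, as in the GRANT statements.
    printf "SELECT MAX(DBADMAUTH), MAX(SECURITYADMAUTH), MAX(ACCESSCTRLAUTH), \
MAX(DATAACCESSAUTH) FROM SYSCAT.DBAUTH \
WHERE GRANTEETYPE = 'U' AND GRANTEE = '%s'" "$user"
}

# Print the authorities that the result row does not show as 'Y'.
# A NULL ("-") or an empty row means no direct grant and counts as missing.
missing_authorities() {
    local row missing name flag
    row="$1"; missing=""
    set -f            # no globbing while the row is split into fields
    set -- $row
    set +f
    for name in DBADM SECADM ACCESSCTRL DATAACCESS; do
        flag="${1:-N}"
        if [ $# -gt 0 ]; then shift; fi
        [ "$flag" = "Y" ] || missing="$missing $name"
    done
    echo "${missing# }"
}

# Constructed sample row: ACCESSCTRL was not granted.
SAMPLE_ROW="Y Y N Y"

# On the DB2 host, as the instance owner (-x suppresses column headings):
#   db2 connect to <DATABASE>
#   row=$(db2 -x "$(build_dbauth_query serviceuser)")
#   missing_authorities "$row"    # empty output: all four grants are present
```

The same query is useful later as an audit check, since these four authorities together give the service account full administrative, security, and data access on the database.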