This is a quick sketch of the typical process for setting up individual user IDs to access a DB2 database on a Linux-based DB2 server — basically, the bare essential things to do which aren’t covered by the DB2 installation guide.
Before attempting the DB2 install, install the necessary additional packages:
apt-get install libxrender1 libxft2 libxtst6 libxi6 libaio1 ksh libstdc++6-4.4-dev libstdc++6-4.4-pic libstdc++5 rpm
Install DB2, and check licensing is set up correctly via
Create at least a couple of roles to handle database access control. For example:
CREATE ROLE DATAREADER CREATE ROLE DATAWRITER
For each table, give those roles the appropriate access:
CONNECT TO MYDATABASE GRANT SELECT ON [tablename] TO ROLE DATAREADER GRANT SELECT, INSERT, UPDATE ON [tablename] TO ROLE DATAWRITER
Now you can create users. First create them in Linux:
# useradd --create-home --user-group --comment "Kevin Flynn" kflynn # passwd kflynn # chage -d 0 kflynn # chsh --shell /bin/bash kflynn
Important: The user ID must be 8 characters or fewer, or DB2 will fail with misleading error messages.
chage command ensures that the user has to change the password from whatever you assigned, the first time they log in. The
chsh changes the shell to bash, because the default on CentOS seems to be /bin/sh, which goes into an infinite loop of fail if you attempt to log in when that user has been set up as a DB2 user (with ~/sqllib).
sudo to become
db2inst1 (or whatever your instance ID is). Then give the user the roles you set up above.
$ db2 [...] db2 => CONNECT TO MYDATABASE [...] db2 => GRANT ROLE DATAREADER TO USER kflynn DB20000I The SQL command completed successfully. db2 => GRANT ROLE DATAWRITER TO USER kflynn DB20000I The SQL command completed successfully.
If you also need the user to be an admin for the database, there are two extra roles:
db2 => GRANT SECADM ON DATABASE TO USER kflynn DB20000I The SQL command completed successfully. db2 => GRANT DBADM ON DATABASE TO USER kflynn DB20000I The SQL command completed successfully.
The first role allows the user to grant and revoke access (SECurity ADMin), the second allows all other administrative database access.