Securing the database environment
You can enhance the operational security of your databases during the installation using either DB2®, Oracle, or Microsoft SQL Server. You can complete the installation without giving database users who are associated with the application server administrative privileges.
MONITOR database
When creating the MONITOR database, the monitor runtime database user is, by default, granted privileges to administer database objects, which simplifies the creation of the MONITOR database and enables the IBM® Business Monitor server to automatically manage the monitor model database schema at the time of model deployment and removal. However, you can secure your database by limiting administrator access to a single data source that is responsible for management of the monitor model database schema. Alternately, you can completely remove all administrative privileges for the MONITOR database users. Instead, a database administrator manually manages the monitor model database schema.
Using scripts, you can enhance security for DB2, Oracle or SQL Server by granting the MONITOR database user only the privileges that are required to access the MONITOR database objects. For more information about model-level database security considerations, see "Managing monitor model database schemas in a secured database" in the related concepts.
Data source name | JNDI name | Purpose | Suggested authentication alias |
---|---|---|---|
Monitor_Database | jdbc/wbm/MonitorDatabase | Operational data source for event processing; Rest services for dashboards, and other functions. | Monitor_JDBC_Alias |
Monitor_cellname_Routing_Database | jdbc/wbm/cellname/MonitorDatabase | Operational data source for sending events to the MONITOR database, for example, table-based event distribution. | Monitor_JDBC_Alias |
Monitor_ME_Database | Jdbc/wbm/MonitorMEDatabase | Operational data source for the IBM Business Monitor messaging engine. Administrative privileges are required only if the messaging engine creates a database schema upon initial startup. | Monitor_JDBC_Alias |
Monitor_Admin_Database | jdbc/wbm/MonitorAdminDatabase | Data source for creating and deleting the monitor model database schema upon model deployment, undeployment, and data movement service enablement. Administrative privileges are required only if IBM Business Monitor manages the database schema. | Monitor_Admin_JDBC_Alias |
COGNOSCS database
When you set up the Cognos content store, COGNOSCS, make sure the user account that accesses the content store has permission to perform the following actions:- Connect to the content store
- Create, alter, and drop triggers, views, procedures, and sequences
- Create and alter tables
- Insert, update, and delete data in the database tables
The user ID and password information for the database is controlled by the Cognos_JDBC_Alias authentication alias, as described in "Changing the IBM Cognos BI content store password."