Security model for the db2cluster command

The db2cluster command is the main interface into Db2® cluster services, and as such acts on both the cluster manager and shared file system cluster provided for the IBM® Db2 pureScale® Feature. The db2cluster command options that are available to a user depend on the user's authority.

In terms of the security model for the db2cluster command, there are three user groups, broken down by the type of tasks each user group is likely to perform:
  • Anyone with a userid on the system

    Users in this group are able to use the db2cluster command to report information about the Db2 pureScale instance, but not to make any changes.

  • The SYSADM, SYSCTRL or SYSMAINT group

    Users in this group are able to use the db2cluster command to keep the instance up and running, and to perform some administrative tasks on the cluster manager. By definition, a user in this group is either the userid of the instance, a member of the primary group of the instance owner, or a member of a non-primary group of the instance owner. Db2 recommends that normal day-to-day activities are performed using a userid with membership in a non-primary group of the instance owner.

  • The Db2 cluster services administrator

    Users in this group have no requirements to access data in the database; this is an administrative role used for:
    • installation and configuration of the Db2 cluster services portion of Db2
    • maintaining clustered instances in the cluster domain and maintaining the shared file system cluster
    The Db2 cluster services administrator role is an end user with access to a root-owned userid for the operating system; for example, an operating system administrator. Db2 cluster services can affect all clustered environments, whether you are using the Db2 pureScale Feature or a partitioned database environment with integrated HA. Therefore, roles such as DBADM, SECADM, SQLADM, WLMADM, EXPLAIN, ACCESSCTRL, and DATAACCESS that act on databases do not provide the appropriate level of authority for cluster management. The Db2 cluster services administrator can be the same person as someone with a userid in the SYSADM, SYSCTRL or SYSMAINT groups.
    Note: Having SYSADM privileges does not necessarily mean that the user has operating system administration privileges.

Cluster manager tasks for db2cluster

  • Anyone with a userid on the system can retrieve information about the current state of the cluster domain using the -list and -verify options.
  • Users in the SYSADM, SYSMAINT or SYSCTRL group can query and change the preferred primary cluster caching facility using the -list and -set options. As well, these users can use the -clear -alert option to clear alerts for any of the hosts, members, and cluster caching facilities in the current instance (as defined by the DB2INSTANCE registry variable). Users in this group can also create and delete cluster resources, and repair the cluster manager resource model; however, it is strongly recommended that these tasks be performed only under the advisement of Db2 service personnel.
  • The Db2 cluster services administrator can perform administrative tasks that affect Db2 cluster services as a whole across all clustered instances on all hosts in the cluster domain. This user can perform configuration tasks such as setting the tiebreaker device and the host failure detection time, using the -set option. As well, the Db2 cluster services administrator can perform maintenance-related tasks, such as putting hosts into maintenance mode, using the -enter option, or committing changes or updates to the cluster manager, using the -commit option. This user can also perform advanced maintenance operations on the cluster manager peer domain, such as creating, deleting, starting, or stopping the domain, and adding or removing hosts; however, it is strongly recommended that these tasks be performed only under the advisement of Db2 service personnel. Certain Db2 cluster administrative commands require the DB2INSTANCE environment variable to be set.
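
The three tiers above can be turned into a least-privilege review of recorded cluster manager invocations. The following is an added example, not IBM code: it maps each command to the tier this section assigns and reports invocations that exceed the caller's tier or that fall under the "only under advisement of Db2 service personnel" tasks. Assumptions: the tiers are treated as ordered, the records are constructed, and the sub-arguments in them (`-cm`, `pprimary`, `-tiebreaker`, `-maintenance`, `-repair -resources`) are illustrative and not taken from this page.

```python
import shlex
from enum import IntEnum


class Tier(IntEnum):
    ANY_USER = 1                # any userid on the system
    INSTANCE_ADMIN = 2          # SYSADM, SYSCTRL or SYSMAINT group
    CLUSTER_SERVICES_ADMIN = 3  # root-owned operating system userid


def required_tier(command):
    """Minimum tier for a cluster manager invocation, or None if unclassified."""
    args = [a.lower() for a in shlex.split(command)[1:]]
    if "-enter" in args or "-commit" in args:
        return Tier.CLUSTER_SERVICES_ADMIN
    if "-set" in args:
        # Only the preferred primary may be set by the instance admin groups
        # ("pprimary" is an assumed keyword); every other -set target, such as
        # the tiebreaker or host failure detection time, fails closed.
        if "pprimary" in args:
            return Tier.INSTANCE_ADMIN
        return Tier.CLUSTER_SERVICES_ADMIN
    if "-clear" in args and "-alert" in args:
        return Tier.INSTANCE_ADMIN
    if "-list" in args or "-verify" in args:
        return Tier.ANY_USER
    return None  # create/delete/repair and anything else: manual review


def audit(records):
    """Return (user, verdict, command) for each record that is not plainly allowed."""
    findings = []
    for user, tier, command in records:
        need = required_tier(command)
        if need is None:
            findings.append((user, "REVIEW", command))
        elif tier < need:
            findings.append((user, "DENY", command))
    return findings


# Constructed records: (userid, tier resolved from group membership, command)
SAMPLE = [
    ("alice", Tier.ANY_USER, "db2cluster -cm -list -alert"),
    ("alice", Tier.ANY_USER, "db2cluster -cm -clear -alert"),
    ("db2ops", Tier.INSTANCE_ADMIN, "db2cluster -cm -set -option pprimary -value host2"),
    ("db2ops", Tier.INSTANCE_ADMIN, "db2cluster -cm -set -tiebreaker -majority"),
    ("root", Tier.CLUSTER_SERVICES_ADMIN, "db2cluster -cm -enter -maintenance"),
    ("db2ops", Tier.INSTANCE_ADMIN, "db2cluster -cm -repair -resources"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

The classifier covers cluster manager tasks only; shared file system operations are additionally constrained by regular file system permissions and are not modelled here.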

Shared file system tasks for db2cluster

  • Anyone with a userid on the system can retrieve information about the current state of the cluster domain using the -list and -verify options. These users can also perform a wide variety of file system operations with the db2cluster command options, but what they can do is constrained by regular file system permissions. As long as the userid running the command has read and write ownership of the device being used, that user can create file systems and add disks. Once a file system has been created or mounted, access to that file system is limited to the userid that created it and to the Db2 cluster services administrator, so only those users can remove, delete, or rebalance a file system. Either the userid that created it, or the Db2 cluster services administrator can create directories that are accessible to other users, much as with a normal file system.
  • The Db2 cluster services administrator can perform administrative tasks that affect Db2 cluster services as a whole across all clustered instances on all hosts in the cluster domain. This user can change options for the tiebreaker device, using the -set option. As well, the Db2 cluster services administrator can perform maintenance-related tasks, such as putting hosts into maintenance mode, using the -enter option, or committing changes or updates to the shared file system, using the -commit option. This user can also perform advanced maintenance operations on the shared file system cluster, such as creating, deleting, starting, or stopping the domain, and adding or removing hosts; however, it is strongly recommended that these tasks be performed only under the advisement of Db2 service personnel.