Topic
3 replies Latest Post - ‏2013-09-05T17:00:43Z by jswales
jswales
jswales
3 Posts
ACCEPTED ANSWER

Pinned topic Registry Services DB2 non instance owner

‏2013-09-04T22:24:18Z |

Soo, I have run into a snag installing JazzSM and am looking for ideas.  Our DB2 is managed by a separate team... And the security policies is to not allow "users" to run as the instance id.  When installing JazzSM, one get's to the DB2 config screen.  Now in this case DB2 10 has been installed by our DB2 support team, and they have created an instance.  I have been given an id with DBADM authority to use.. But the install screen insists that the username and instance name have to be the same. 

 

So, two questions.. Is there a way to do this without them matching??

Alternatively, is there a way for me to install using the instance id user, and then switch the DB usage to another id that is not the instance id??

Julian

  • CynthiaF
    CynthiaF
    1 Post
    ACCEPTED ANSWER

    Re: Registry Services DB2 non instance owner

    ‏2013-09-05T15:30:17Z  in response to jswales

    Hello Julian

    This is currently a limitation, username should be the same as the instance name.

    Currently there is no workaround for this, however we have a requirement to support this scenario in the next major release.

     

  • pstatham
    pstatham
    4 Posts
    ACCEPTED ANSWER

    Re: Registry Services DB2 non instance owner

    ‏2013-09-05T16:19:55Z  in response to jswales

    Hi Julian. This may be a case where our tooling is trying to help too much. I'm currently trying to recreate your scenario in our lab to see how we can enable it without having to ask more questions (which decreases consumability).

    To help me recreate, can you tell me ..

    - the name of the OS/LDAP account used to access the DB2 machine

    - the instance name

    - the database name

    - the DB2 account name (if different from OS/LDAP account) that has been granted full access to the database

    I don't need passwords, just names.

    Also, does your company typically install the DB2 client on machines such as the one hosting JazzSM applications? If so, is that does as root or as non-root. If non-root, is it a different account than what you use to install JazzSM?

    If you do use the DB2 client, are you cataloging the remote database into a client instance directory? Or are you using LDAP to get the remote database information?

    Regards,

    Perry Statham

    Deployment Architect, Jazz for Service Management (JazzSM)

     

     

    • jswales
      jswales
      3 Posts
      ACCEPTED ANSWER

      Re: Registry Services DB2 non instance owner

      ‏2013-09-05T17:00:43Z  in response to pstatham

      Perry, 

      So, in this case, we have DB2 locally on the machine that will have all the JazzSM code. 

      In our case the DB2 team installed the DB2 10.1, using the JazzSM DB2 code.  I don't exactly know their process. 

      They created an instance called db2inst2 and our PLAN is to have the FRSDB and CCSDB run under the same instance.

      It looks like the DB2 team have id's db2inst2 and db2fenc2 and db2dbas as id's for this database instance. 

      I have an id called db2jazz, with DBADM authority.

      And this is where the problem occurs.. :)  I select dbinst2 as the instance in the install dialogue FRSDB as the database, and db2jazz as the id, and it does NOT like it...

      We do NOT use LDAP in this environment at the OS level. 

      It looks like DB2 software was installed as root.

      We do you both local DB2 installs and remote DB2 install with client.  In this case currently it's a local install, because it's DB2 10.1 and we are just starting work with that version..

      We ARE installing JazzSM as a non-root user.. In this case the id is ncosys.

      I don't know how the registry database is used internally within the application, but generally, we'd like a separate id from the instance owner id that the application uses.   Also, our DB2 team generally follows least privileges option for id's.  So we get only as much access as is required for the application to run. It would be nice if there were a way for us to provide our DB2 team the database build script, they run it build the DB, and then we just setup the connection with the "user" id, and that would be it...  That way they can create the DB as they want, and give access to the id we provide, the setup asks if it's existing DB, we say yes, it asks for the connection info and uid/pw, and on we go... This would be an option to the current build everything, since I know some places would use that..

      If I missed answering any of your requests, just let me know.