User mappings
A user mapping is an association between an authorization ID on the federated server and the information that is required to connect to the remote data source. A user mapping consists of the following information:
- local authorization ID
- local name of the remote data source server as specified in the server definition
- remote ID and password
For example:
CREATE USER MAPPING FOR <db2inst1>
SERVER <server_name>
OPTIONS (
REMOTE_AUTHID '<admin>',
REMOTE_PASSWORD '<password>');
where
- db2inst1 specifies the local authorization ID in the Db2® instance. You should use the keyword USER or PUBLIC, or the Db2 instance name. USER is for the current Db2 user, and PUBLIC is for all Db2 users.
- server_name specifies the server definition name that you defined in the CREATE SERVER statement for the JDBC data source. The user mapping is paired with the server statement.
- admin specifies the remote user ID for the remote data source (for example, MySQL). The value is case-sensitive unless you set the FOLD_ID server option to "U" or "L" in the CREATE SERVER statement.
- password specifies the remote password for the remote data source (for example, MySQL). The value is case-sensitive unless you set the FOLD_PW server option to "U" or "L" in the CREATE SERVER statement.
By default, the federated server stores user mappings in the SYSCAT.USEROPTIONS view in the global catalog and encrypts the remote passwords. As an alternative, you can use an external repository, for example a file or an LDAP server, to store user mappings. To provide the interface between the federated server and the external repository, you create a user mapping plug-in.
No matter how you store user mappings, carefully restrict access to them. If user mappings are compromised, data in the remote databases might be vulnerable to unauthorized activity.
In the Federation component, you can also create public user mappings to allow all local database users to access a data source through a single remote user ID and password.
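The following queries are an added example, not part of the original documentation, showing one way to review user mappings and who can read them. They assume the default storage in SYSCAT.USEROPTIONS (not an external repository) and the catalog columns AUTHID, SERVERNAME, OPTION and SETTING; the result column aliases are chosen for this example.

```sql
-- Added example: review user mappings kept in the global catalog.
-- Assumes the default storage (SYSCAT.USEROPTIONS), not a user mapping plug-in.

-- 1. List each mapping: local authorization ID, server definition, remote ID.
--    Only REMOTE_AUTHID rows are selected; REMOTE_PASSWORD rows are left out
--    on purpose so the review output never carries password settings.
SELECT u.AUTHID,
       u.SERVERNAME,
       u.SETTING AS REMOTE_ID
FROM SYSCAT.USEROPTIONS u
WHERE u.OPTION = 'REMOTE_AUTHID'
ORDER BY u.SERVERNAME, u.AUTHID;

-- 2. Remote IDs that several local authorization IDs share on one server.
--    A shared remote ID means activity on the remote data source cannot be
--    traced back to a single local user, and one compromised mapping
--    exposes everything that remote ID can reach.
SELECT u.SERVERNAME,
       u.SETTING AS REMOTE_ID,
       COUNT(*)  AS LOCAL_ID_COUNT
FROM SYSCAT.USEROPTIONS u
WHERE u.OPTION = 'REMOTE_AUTHID'
GROUP BY u.SERVERNAME, u.SETTING
HAVING COUNT(*) > 1
ORDER BY LOCAL_ID_COUNT DESC;

-- 3. Who holds SELECT on the view that stores the mappings.
--    SELECTAUTH is 'Y' (held) or 'G' (held and grantable); 'N' is filtered out.
SELECT t.GRANTEE,
       t.GRANTEETYPE,
       t.SELECTAUTH
FROM SYSCAT.TABAUTH t
WHERE t.TABSCHEMA = 'SYSCAT'
  AND t.TABNAME   = 'USEROPTIONS'
  AND t.SELECTAUTH <> 'N'
ORDER BY t.GRANTEE;
```

Public user mappings deserve particular attention when you read these results, because every local database user reaches the data source with the privileges of the one remote ID.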