Migrate local authorization user accounts

This task is about migrating repository user accounts with the role managed by IBM Data Server Manager into IBM Db2 Data Management Console.

Before you begin

Ensure to complete the upgrade process.

Procedure

  1. Find the installation directory of IBM Db2 Data Management Console. Navigate to the utility folder.
    cd ./dsmmigscripts
  2. Run the script file for your respective platform.
    user_migration.sh <DSM_install_path>
    or
    user_migration.bat <DSM_install_path>

    where <DSM_install_path> is the absolute path of IBM® Data Server Manager install directory.

  3. (Optional) Check the log details of this migration. The log file UserUtils.0 is located under logs folder of IBM Db2 Data Management Console installation directory.
  4. Check the new intermediate files generated in the below folder.
    <DMC_install_path>/Config/user_migration/

    where <DMC_install_path> is the install directory of IBM Db2 Data Management Console. This directory contains the following files:

    • File dsm_admin_users contains user names of all administrator user accounts. You can use it to validate administrator users or as a reference when you want to manually migrate user accounts.
    • File dsm_nonadmin_users contains user names of all non-administrator user accounts. You can use it to validate non-administrator users or as a reference when you want to manually migrate user accounts.
    • File grant_udf_sql contains sample SQL statements which could be used to grant Db2 UDF execute privileges to the new users created in the repository database.
    • File grant_role_sql contains sample SQL statements which could be used to grant Db2 roles to the new users created in the repository database.
    • File grant_authority_sql contains sample SQL statements which could be used to grant Db2 authorities to the new users created in the repository database.
  5. Choose an authorization method and grant appropriate Db2 privileges to the new user accounts.
    • Authorize with Db2 groups - Add administrator users and non-administrator users into appropriate groups. Remember the group names.
    • Authorize with Db2 UDFs - Grant execute privileges of Db2 UDFs to new user accounts. Sample SQL statements are found in the file grant_udf_sql.
    • Authorize with Db2 roles - Grant Db2 roles to new user accounts. Sample SQL statements are found in the file grant_role_sql. Replace the role names in the SQL statements.
    • Authorize with Db2 authorities - Grant Db2 authorities to new user accounts. Sample SQL statements are found in the file grant_authority_sql. Replace the authority names in the SQL statements.
  6. Configure repository authentication through the web page of IBM Db2 Data Management Console. Navigate to 'Authentication Setting' page.
    1. Login with setup administrator account.
    2. Select 'Repository' as authentication method. Click 'Next'.
    3. Select role mapping method and specify the Db2 groups, UDFs, roles or authorities which you granted to administrator and non-administrator users previously.
    4. Test a known account.
    5. Save the configuration and enable repository authentication.
    6. Logout.

    For more details, refer to Delegating authentication and authorization to a repository database.