Migrate local authorization user accounts
This task is about migrating repository user accounts with the role managed by IBM Data Server Manager into IBM Db2 Data Management Console.
Before you begin
Ensure to complete the upgrade process.
Procedure
- Find the installation directory of IBM Db2 Data Management Console. Navigate to the
utility folder.
cd ./dsmmigscripts
- Run the script file for your respective
platform.
oruser_migration.sh <DSM_install_path>
user_migration.bat <DSM_install_path>
where <DSM_install_path> is the absolute path of IBM® Data Server Manager install directory.
- (Optional) Check the log details of this migration. The log file
UserUtils.0
is located underlogs
folder of IBM Db2 Data Management Console installation directory. - Check the new intermediate files generated in the below folder.
<DMC_install_path>/Config/user_migration/
where
<DMC_install_path>
is the install directory of IBM Db2 Data Management Console. This directory contains the following files:- File
dsm_admin_users
contains user names of all administrator user accounts. You can use it to validate administrator users or as a reference when you want to manually migrate user accounts. - File
dsm_nonadmin_users
contains user names of all non-administrator user accounts. You can use it to validate non-administrator users or as a reference when you want to manually migrate user accounts. - File
grant_udf_sql
contains sample SQL statements which could be used to grant Db2 UDF execute privileges to the new users created in the repository database. - File
grant_role_sql
contains sample SQL statements which could be used to grant Db2 roles to the new users created in the repository database. - File
grant_authority_sql
contains sample SQL statements which could be used to grant Db2 authorities to the new users created in the repository database.
- File
- Choose an authorization method and grant appropriate Db2 privileges to the new user
accounts.
- Authorize with Db2 groups - Add administrator users and non-administrator users into appropriate groups. Remember the group names.
- Authorize with Db2 UDFs - Grant execute privileges of Db2 UDFs to new user accounts. Sample SQL
statements are found in the file
grant_udf_sql
. - Authorize with Db2 roles - Grant Db2 roles to new user accounts. Sample SQL statements are found
in the file
grant_role_sql
. Replace the role names in the SQL statements. - Authorize with Db2 authorities - Grant Db2 authorities to new user accounts. Sample SQL
statements are found in the file
grant_authority_sql
. Replace the authority names in the SQL statements.
- Configure repository authentication through the web page of IBM Db2 Data Management
Console. Navigate to 'Authentication Setting' page.
- Login with setup administrator account.
- Select 'Repository' as authentication method. Click 'Next'.
- Select role mapping method and specify the Db2 groups, UDFs, roles or authorities which you granted to administrator and non-administrator users previously.
- Test a known account.
- Save the configuration and enable repository authentication.
- Logout.
For more details, refer to Delegating authentication and authorization to a repository database.