Delegating authentication and authorization to a repository database
Selecting 'Repository' as authentication type on 'Authentication Setting' page can delegate both authentication and authorization of IBM® Db2® Data Management Console to the repository database. While the repository database itself can delegate its own authentication to another system like LDAP or Kerberos.
A user account of repository database will be introduced as a console user account only if the console connects to the repository database with its credentials and this user account can obtain at least one role (console privilege) by any kind of role mapping rule which is based on database authority, role or privilege.
The precondition of this configuration task is that a repository database has already been properly configured in IBM Db2 Data Management Console.
User account authentication is handled by creating a JDBC connection to a repository database with user credentials. A repository database will handle the authentication by itself or delegate it to other systems.
In this repository authentication configuration task, rules for mapping a database user into a console role would be defined.