This topic describes the procedure of setting up login mapping by means of trusted
connections.
About this task
When you set up logging mapping for users who connect to Db2 data sources, you may use a
trusted context. Trusted context is an entity created by a database administrator that determines
whether a connection to the database can be used as a trusted connection. The database does not
require individual credentials to authenticate users of such trusted connection. It is very
practical when an administrator has a lot of user credentials to manage. To use a trusted context,
you specify system authorization credentials that were used when creating the trusted context for
the current connection to be recognized as trusted. For users who work over a trusted connection,
you can assign Auth ID attributes that are specified in the trusted context to define their
privileges when connected to the database.
Note: You can only use this option if there is a trusted
context created for the data source.
To set up login mapping for a data source using a
trusted connection:
Procedure
-
Right-click a data source in the Repositories
or the Repository Explorer
view. Select Properties from the menu. The
Properties window opens. Select Login Mapping from the
tree. The Login Mapping page of the window opens.
All users and groups that have been defined for the repository are listed in the
Data source login list. This list is empty if you have not defined any users
or groups.
-
Select the Use trusted connections check box. The System
Authorization Credentials dialog
opens.
-
Enter the system authorization credentials for the connection to be recognized as trusted. In
the ID field, enter the SYSTEM AUTHID specified in the trusted context.
-
Click OK to close the System Authorization
Credentials dialog.
Note: If the entered information is incorrect, an error message is shown to prompt you to try
again.
-
To edit the system authorization credentials, click the Edit system authorization
credentials button.
-
Select the Use repository login if Auth ID is not specified check box if
you want a repository login to be used when an Auth ID is not assigned.
-
To assign an Auth ID or edit an assigned Auth ID, select them in the Data source
login list table and click Edit user account information.
The User Account Information window opens.
-
In the Auth ID field, specify an Auth ID from the list provided by the
trusted context.
-
In the Priority field, specify the priority that will be placed on this
login information. You can enter any numerical value in this field with the value of 1 having the
lowest priority. The Priority value is used to determine which Auth ID will
be invoked for a user that is a member of multiple groups. To find more information about priority,
see Setting up login mapping for a data source.
-
Click OK. The data source login information for the selected user or
group is listed in the Data source login list table as follows:
- Login mapping owner lists the name of the user or group that will use
this login to access the data source. This
is the same name that appears in the Users and groups list box.
- Auth ID specifies the login that is used when a trusted connection is
established.
Note: If the Auth ID is not specified, the repository login will be used. If the login
is not found in the trusted context, a connection error is registered and the user is returned to
the log on dialog.
- Priority specifies the priority that is assigned to the login
information. This priority value determines which Auth ID will be invoked for users that are members
of multiple groups.
You will repeat this process for each user or group for which you want to set up login mapping
information using the trusted context.
-
To delete existing data source login information, select the data source login from the
Data source login list table and click the Remove data source
login button located above the list box.
-
Click OK. The login mapping parameters that you have specified for each
user or group are in effect for the data source. You must set up login mapping information
individually for each data source in the repository.