Login mapping for Db2 databases with trusted connections

This topic describes the procedure of setting up login mapping by means of trusted connections.

About this task

When you set up logging mapping for users who connect to Db2 data sources, you may use a trusted context. Trusted context is an entity created by a database administrator that determines whether a connection to the database can be used as a trusted connection. The database does not require individual credentials to authenticate users of such trusted connection. It is very practical when an administrator has a lot of user credentials to manage. To use a trusted context, you specify system authorization credentials that were used when creating the trusted context for the current connection to be recognized as trusted. For users who work over a trusted connection, you can assign Auth ID attributes that are specified in the trusted context to define their privileges when connected to the database.
Note: You can only use this option if there is a trusted context created for the data source.
To set up login mapping for a data source using a trusted connection:

Procedure

  1. Right-click a data source in the Repositories or the Repository Explorer view. Select Properties from the menu. The Properties window opens. Select Login Mapping from the tree. The Login Mapping page of the window opens.
    All users and groups that have been defined for the repository are listed in the Data source login list. This list is empty if you have not defined any users or groups.
  2. Select the Use trusted connections check box. The System Authorization Credentials dialog opens.
  3. Enter the system authorization credentials for the connection to be recognized as trusted. In the ID field, enter the SYSTEM AUTHID specified in the trusted context.
  4. Click OK to close the System Authorization Credentials dialog.
    Note: If the entered information is incorrect, an error message is shown to prompt you to try again.
  5. To edit the system authorization credentials, click the Edit system authorization credentials button.
  6. Select the Use repository login if Auth ID is not specified check box if you want a repository login to be used when an Auth ID is not assigned.
  7. To assign an Auth ID or edit an assigned Auth ID, select them in the Data source login list table and click Edit user account information.
    The User Account Information window opens.
  8. In the Auth ID field, specify an Auth ID from the list provided by the trusted context.
  9. In the Priority field, specify the priority that will be placed on this login information. You can enter any numerical value in this field with the value of 1 having the lowest priority. The Priority value is used to determine which Auth ID will be invoked for a user that is a member of multiple groups. To find more information about priority, see Setting up login mapping for a data source.
  10. Click OK. The data source login information for the selected user or group is listed in the Data source login list table as follows:
    • Login mapping owner lists the name of the user or group that will use this login to access the data source. This is the same name that appears in the Users and groups list box.
    • Auth ID specifies the login that is used when a trusted connection is established.
      Note: If the Auth ID is not specified, the repository login will be used. If the login is not found in the trusted context, a connection error is registered and the user is returned to the log on dialog.
    • Priority specifies the priority that is assigned to the login information. This priority value determines which Auth ID will be invoked for users that are members of multiple groups.
    You will repeat this process for each user or group for which you want to set up login mapping information using the trusted context.
  11. To delete existing data source login information, select the data source login from the Data source login list table and click the Remove data source login button located above the list box.
  12. Click OK. The login mapping parameters that you have specified for each user or group are in effect for the data source. You must set up login mapping information individually for each data source in the repository.