Required user privileges in installation scenarios

When you are planning to install IBM Spectrum Control, there are users to consider for the installation.

These are the users to consider:

Application administrator
The user who logs in to the operating system and does the installation of IBM Spectrum Control.
Common user
The user that you set during the installation of IBM Spectrum Control. The user name that is used to run IBM Spectrum Control.
Important: You set the common user for IBM Spectrum Control during the initial installation of the product. When that common user is set, it cannot be changed during the life of that IBM Spectrum Control system. For example, if you set the common user to be db2admin during the initial installation of IBM Spectrum Control on a Windows operating system, then the db2admin user is the constant common user for that particular IBM Spectrum Control system.
Db2®® user
The user that you set during the installation of IBM Spectrum Control. The user name that is used to install and operate the database repository for IBM Spectrum Control.

There are user privileges that are required in various IBM Spectrum Control installation scenarios.

Important: The required user privileges for Common User and Db2 user cannot be changed or removed after you complete the installation of IBM Spectrum Control. You can change the required user privileges for the Application administrator after that user completes the installation of IBM Spectrum Control, but only if the Application administrator is not set as the Common User or Db2 user in IBM Spectrum Control.
The following table shows the required user privileges in IBM Spectrum Control installation scenarios:
Table 1. Required user privileges for an IBM Spectrum Control installation
Installation scenario Required privilege
Setting only the Common User, single-server installation, not in a Windows domain environment

Application administrator:

Windows operating system: You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Linux® operating system: You must be a root user or a non-root user with sudo privileges.

AIX® operating system: You must be a root user or a non-root user with sudo privileges.

Common user:

Windows operating system: A member of the local Administrators group, a member of the local Db2 groups (typically DB2ADMNS and DB2USERS).

Linux operating system: A member of the root group, a member of the Db2 group (typically db2iadm1).

AIX® operating system: member of the system group, member of the Db2 group (typically db2iadm1).

Setting the Common User and Db2 user, single-server installation, not a Windows domain environment

Application administrator:

Windows operating system: You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Linux operating system: You must be a root user or a non-root user with sudo privileges.

AIX operating system: You must be a root user or a non-root user with sudo privileges.

Common User:

Windows operating system: A member of the local Administrators group.

Linux operating system: A member of the root group.

AIX operating system: A member of the system group.

Db2 user:

Windows operating system: A member of the local Db2 groups (typically DB2ADMNS and DB2USERS).

Linux operating system: A member of the Db2 group (typically db2iadm1).

AIX operating system: A member of the Db2 group (typically db2iadm1).

Setting only the Common User, single-server installation, in a Windows domain environment with Db2 installed so the Db2 instance owner (typically db2admin) is a domain user and the Db2 groups (typically DB2ADMNS and DB2USERS) are domain groups.

Application administrator:

You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Common user:

A member of the local Administrators group, a member of the domain Db2 groups (typically DB2ADMNS and DB2USERS; these groups are stored in the domain Active Directory).

Setting the Common User and Db2 user, single-server installation, in a Windows domain environment with Db2 installed so the Db2 instance owner (typically db2admin) is a domain user and the Db2 groups (typically DB2ADMNS and DB2USERS) are domain groups.

Application administrator:

You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Common User: A member of the local Administrators group.

Db2 user: A member of the domain Db2 groups (typically DB2ADMNS and DB2USERS; these groups are stored in the domain Active Directory).

Setting only the Db2 user, multiple server installation (Database repository), not in a Windows domain environment.

Application administrator:

Windows operating system:

You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Linux operating system: Must be a root user or a non-root user with sudo privileges.

AIX operating system: Must be a root user or a non-root user with sudo privileges

Db2 user:

Windows operating system: A member of the local DB2® groups (typically DB2ADMNS and DB2USERS).

Linux operating system: A member of the DB2 group (typically db2iadm1).

AIX operating system: A member of the DB2 group (typically db2iadm1).

Setting only the Common User, multiple server installation (IBM Spectrum® Control Servers), not in a Windows domain environment.

Application administrator:

Windows operating system:

You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Linux operating system: Must be a root user or a non-root user with sudo privileges.

AIX operating system: Must be a root user or a non-root user with sudo privileges.

Common user:

Windows operating system: A member of the local Administrators group.

Linux operating system: A member of the root group.

AIX operating system: A member of the system group.

Setting only the Db2 user, multiple server installation (Database repository), in a Windows domain environment with Db2 installed so the Db2 instance owner (typically db2admin) is a domain user and the Db2 groups (typically DB2ADMNS and DB2USERS) are domain groups.

Application administrator:

You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Db2 user:

A member of the domain Db2 groups (typically DB2ADMNS and DB2USERS; these groups are stored in the domain Active Directory).

Setting only the Common User, multiple server installation (IBM Spectrum Control Servers), in a Windows domain environment.

Application administrator:

You must be an Administrator and must have the Debug programs privilege and must not have the Deny access to this computer from the network privilege in the Windows operating system security policy. These privileges can be found in Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment

Common user:

A member of the local Administrators group.