Installing and configuring the database server
You must install the database server first before installing the IBM® Security Privileged Identity Manager virtual appliance.
About this task
For detailed information about DB2® instance creation, go to the IBM DB2 product documentation, and search for Creating an instance using db2icrt.
Procedure
- Create the database instance.
  - Create an operating system user. For example, piminstu.
    - For Windows: Add the operating system user piminstu as a member of the following groups:
      - DB2ADMNS
      - DB2USERS
      Tip: For more information, see the operating system documentation and search for adding users to groups Windows.
    - For Linux: Add this user to the root group and set the root group as the primary group for user piminstu:
      useradd -g root piminstu
  - Change the password for user piminstu.
    Note:
    - For Windows users, this step is not applicable if you set the password to Never Expire in the previous step.
    - This step is compulsory for Unix and Linux users.
    For example, on Unix and Linux:
      passwd piminstu
    For example, on Windows:
      net user piminstu *
  - Run the following command to create a database instance:
    - For Windows:
      DB2_Install_Location\bin\db2icrt -u piminstu piminstname
    - For Linux:
      DB2_Install_Location/instance/db2icrt -u piminstu piminstname
    where
    DB2_Install_Location is the DB2 installation directory.
    piminstu is the user that you created in the previous step.
    piminstname is the name of the instance that you are creating. For example: piminst
  - Start the DB2 instance.
    - For Windows: In the command line, complete the following tasks:
      - Run set DB2INSTANCE=piminst, where piminst is the database instance.
      - Run db2cmd to start the DB2 command line.
      - Run db2start.
    - For Linux:
      - Run su - piminst
      - Run db2start.
  - Run the following commands to set up the DB2 instance:
    - db2 update dbm cfg using SVCENAME port, where port is the port on which you want your database server to listen. For example: 50050
    - db2set DB2COMM=tcpip
    - db2set -all DB2COMM, which displays the DB2COMM setting so that you can confirm that TCP/IP is enabled.
    - db2stop
    - db2start
- Create the database.
IBM Security Privileged Identity Manager uses three separate databases for the three data stores: Identity, Sign-On, and Session Recording.
To create a database, take the following actions:
Important: Run db2cmd as the user who owns the instance. If you run db2cmd as a user who is not the instance owner, you give rights only to the current user.
- Start the DB2 instance.
  Note: Type the following commands as the instance owner.
  - For Windows:
    - Launch the command line as the instance owner by using the runas command.
    - Run set DB2INSTANCE=piminst, where piminst is the database instance that you created in the previous step.
    - Run db2cmd to start the DB2 command line.
    - Run db2start.
  - For Linux:
    - Run su - piminst, where piminst is the database instance.
    - Run db2start.
- In the DB2 command line, type the following example commands as the instance owner.
  Note: If you are unable to run the commands as the instance owner, run them as a database admin user and proceed to Step 3.
- For the Identity data stores
- db2 create db idmdb using codeset utf-8 territory us pagesize 32 K
- For the Single Sign-On data stores
- db2 create db essodb using codeset utf-8 territory us pagesize 32 K
- For the Session Recording data stores
- db2 create db psrdb using codeset utf-8 territory us pagesize 32 K
  Note: Single Sign-On and Session Recording data stores with 8 K or 32 K page sizes are acceptable.
- Create a temporary table space with the following commands:
  db2 connect to psrdb
  db2 create user temporary tablespace systoolstmpspace pagesize 32 K managed by automatic storage bufferpool ibmdefaultbp
  Note: The temporary table space page size must match the page size of the data stores that you created in the earlier step.
- Start the DB2 instance.
- Grant permissions.
  Note: This step is applicable only if the databases were created by using a database admin account.
  If the databases are created by using another Administrator or SYSADMIN account (in this example, db2admin is used), run the following commands to grant the instance owner the required access on the data stores, where password is the password of the db2admin account.
  - Grant database administration rights on all databases.
    db2 connect to idmdb user db2admin using password
    db2 GRANT DBADM, SECADM ON DATABASE TO USER piminstu
    db2 disconnect current
    db2 connect to psrdb user db2admin using password
    db2 GRANT DBADM, SECADM ON DATABASE TO USER piminstu
    db2 disconnect current
    db2 connect to essodb user db2admin using password
    db2 GRANT DBADM, SECADM ON DATABASE TO USER piminstu
    db2 disconnect current
    db2stop
    db2start
  - Grant archiving rights on the Privileged Session Recorder database.
    db2 connect to psrdb user db2admin using password
    db2 grant execute on module sysibmadm.utl_file to user piminstu with grant option
    db2 grant execute on module sysibmadm.utl_dir to user piminstu with grant option
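The following script is an added example and is not part of the IBM documentation or product. It strings the Linux steps of the whole procedure (instance creation, TCP/IP setup, the three data stores, the temporary table space, and the optional grants) into one sequence that is printed for review before anything is executed, and it ties the page size of the temporary table space to the page size of the Single Sign-On and Session Recording stores so the two cannot disagree. The names piminst, piminstu, idmdb, essodb, psrdb, db2admin, port 50050 and 32 K pages come from the page; the DB2 install path /opt/ibm/db2/V11.5, the variable names, the CREATED_BY_ADMIN switch and the ADMIN_PASSWORD placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM's script. DRY_RUN=1 (default) only prints each
# command prefixed with the user that would run it; DRY_RUN=0 executes
# them through su. Path below is an assumption; other values are from
# the page (instance piminst, user piminstu, port 50050, 32 K pages).
DB2_INSTALL_LOCATION="${DB2_INSTALL_LOCATION:-/opt/ibm/db2/V11.5}"  # assumed path
INSTANCE="${INSTANCE:-piminst}"
INSTANCE_USER="${INSTANCE_USER:-piminstu}"
SVCE_PORT="${SVCE_PORT:-50050}"
PAGESIZE_K="${PAGESIZE_K:-32}"                # essodb/psrdb: 8 or 32 per page note
ADMIN_USER="${ADMIN_USER:-db2admin}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-password}"  # placeholder, as on the page
DRY_RUN="${DRY_RUN:-1}"

# Only 8 K or 32 K pages are acceptable; reject anything else before any
# command runs, because the temporary table space must use the same size.
check_pagesize() {
  case "$1" in
    8|32) return 0 ;;
    *)    return 1 ;;
  esac
}

# SVCENAME must be a numeric, unprivileged port.
check_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Step 1, as root: OS user, password, instance creation.
instance_setup_commands() {
  cat <<EOF
useradd -g root $INSTANCE_USER
passwd $INSTANCE_USER
$DB2_INSTALL_LOCATION/instance/db2icrt -u $INSTANCE_USER $INSTANCE
EOF
}

# Step 1, continued, as the instance owner: start, enable TCP/IP, restart.
instance_config_commands() {
  cat <<EOF
db2start
db2 update dbm cfg using SVCENAME $SVCE_PORT
db2set DB2COMM=tcpip
db2set -all DB2COMM
db2stop
db2start
EOF
}

# Step 2, as the instance owner. idmdb is fixed at 32 K; essodb and psrdb
# share PAGESIZE_K with the temporary table space so they cannot drift.
database_commands() {
  echo "db2 create db idmdb using codeset utf-8 territory us pagesize 32 K"
  for db in essodb psrdb; do
    echo "db2 create db $db using codeset utf-8 territory us pagesize $PAGESIZE_K K"
  done
  echo "db2 connect to psrdb"
  echo "db2 create user temporary tablespace systoolstmpspace pagesize $PAGESIZE_K K managed by automatic storage bufferpool ibmdefaultbp"
  echo "db2 disconnect current"
}

# Step 3, only when the databases were created by the admin account:
# DBADM and SECADM on every store, plus the PSR archiving modules.
grant_commands() {
  for db in idmdb psrdb essodb; do
    echo "db2 connect to $db user $ADMIN_USER using $ADMIN_PASSWORD"
    echo "db2 GRANT DBADM, SECADM ON DATABASE TO USER $INSTANCE_USER"
    if [ "$db" = psrdb ]; then
      echo "db2 grant execute on module sysibmadm.utl_file to user $INSTANCE_USER with grant option"
      echo "db2 grant execute on module sysibmadm.utl_dir to user $INSTANCE_USER with grant option"
    fi
    echo "db2 disconnect current"
  done
  printf 'db2stop\ndb2start\n'
}

# Run the commands on stdin as user $1, or just show them in dry-run mode.
run_phase() {
  if [ "$DRY_RUN" = "1" ]; then
    sed "s/^/[$1] /"
  else
    su - "$1" -c "$(cat)"
  fi
}

main() {
  check_pagesize "$PAGESIZE_K" || { echo "unsupported page size: $PAGESIZE_K" >&2; return 1; }
  check_port "$SVCE_PORT" || { echo "invalid SVCENAME port: $SVCE_PORT" >&2; return 1; }
  instance_setup_commands  | run_phase root
  instance_config_commands | run_phase "$INSTANCE"
  database_commands        | run_phase "$INSTANCE"
  # CREATED_BY_ADMIN=1 is an assumed switch for the page's Step 3 case.
  [ "${CREATED_BY_ADMIN:-0}" = 1 ] && grant_commands | run_phase "$INSTANCE"
  return 0
}

main
```

Run it once with the defaults to review the full command list, then with DRY_RUN=0 on the database host. The su target for the instance-owner phases is the instance name, matching the page's own su - piminst, while the grants go to piminstu exactly as the page writes them; if your instance owner login and fenced user differ from the page's example, set INSTANCE and INSTANCE_USER accordingly before running.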