User, user ID and group names must follow naming guidelines.
Table 1. User, user ID and group naming rulesObjects |
Guidelines |
- Group names
- User names
- User IDs
|
- Group names must be less than or equal to
the group name length listed in SQL
and XML limits.
- User IDs on Linux and UNIX operating systems can contain
up to 8 characters.
- User names on Windows can
contain up to 30 characters.
- When not using Client authentication,
non-Windows 32-bit clients connecting to Windows with user names longer than the user
name length listed in SQL
and XML limits are supported when the user name and password
are specified explicitly.
- User names, group names, and authorization or user
IDs cannot:
- Be USERS, ADMINS, GUESTS, PUBLIC, LOCAL or any SQL reserved word
- Begin with IBM,
SQL or SYS.
|
Note: - Some operating systems allow case sensitive user IDs and passwords.
You should check your operating system documentation to see if this
is the case.
- The authorization ID returned from a successful
CONNECT or ATTACH is truncated to the authorization name length listed
in SQL and XML limits. An ellipsis (...) is appended to the
authorization ID and the SQLWARN fields contain warnings to indicate
truncation.
- Trailing blanks from user IDs and passwords are removed.
- Restrictions on the AUTHID
identifier: In DB2® Version
9.5 and later, you can have a 128-byte authorization ID. However,
when the authorization ID is interpreted as an operating system user
ID or group name, the operating system naming restrictions apply.
For example, the Linux and UNIX operating systems can contain
up to 8 characters and the Windows operating
systems can contain up to 30 characters for user IDs and group names.
Therefore, while you can grant a 128-byte authorization ID, you cannot
connect as a user that has that authorization ID. If you write your
own security plug-in, you can use the extended sizes for the authorization
ID. For example, you can give your security plug-in a 30-byte user
ID and it returns a 128-byte authorization ID during authentication
that you can connect to.