DB2 Version 9.7 for Linux, UNIX, and Windows

Domain security support (Windows)

The following example illustrates how the DB2® database management system can support Windows domain security. The connection works in the following scenario because the user name and local or global group are on the same domain.

Note that the user name and local or global group do not need to be defined on the domain where the database server is running, but they must be on the same domain as each other.

Table 1. Successful Connection Using a Domain Controller

Domain1: A trust relationship exists with Domain2.

Domain2:
  • A trust relationship exists with Domain1.
  • The local or global group grp2 is defined.
  • The user name id2 is defined.
  • The user name id2 is part of grp2.

Domain1: The DB2 server runs in this domain. The following DB2 commands are issued from it:
   REVOKE CONNECT ON db FROM public
   GRANT CONNECT ON db TO GROUP grp2
   CONNECT TO db USER id2

Domain1: The local or global domain is scanned but id2 is not found. Domain security is scanned.

Domain2: The user name id2 is found on this domain. DB2 gets additional information about this user name (that is, it is part of the group grp2).

The connection works because the user name and local or global group are on the same domain.
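
A way to check the result of the REVOKE and GRANT statements in this scenario, as an added example that is not part of the original documentation. It assumes you are connected to db as an administrator who can read the catalog, and that the authorization names are stored in uppercase (ID2, GRP2).

```sql
-- 1. Who holds CONNECT authority on the database now?
--    After the REVOKE, no row for PUBLIC should appear;
--    after the GRANT, GRP2 should appear with GRANTEETYPE 'G' (group).
SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH
  FROM SYSCAT.DBAUTH
 WHERE CONNECTAUTH = 'Y'
 ORDER BY GRANTEETYPE, GRANTEE;

-- 2. Which groups does DB2 resolve for id2?
--    GRP2 should be listed if the lookup reaches the domain
--    where both id2 and grp2 are defined.
SELECT *
  FROM TABLE (SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID('ID2')) AS T;

-- 3. Through which groups does id2 obtain CONNECT?
--    An empty result means id2 cannot connect through group
--    membership, for example because the group is not defined
--    on the same domain as the user name.
SELECT A.GRANTEE AS GROUP_WITH_CONNECT
  FROM SYSCAT.DBAUTH AS A,
       TABLE (SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID('ID2')) AS T
 WHERE A.GRANTEETYPE = 'G'
   AND A.CONNECTAUTH = 'Y'
   AND A.GRANTEE = T."GROUP";
```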