Scenario: Managing access and privileges for web console users

In this scenario, Abby, a database administrator for Sample Company uses a DB2® repository database with LDAP user management to give users of the company access to the web console and to grant the users the required privileges to work with the product.
To complete the parts of the scenario, Abby uses the following pages of the web console:
Abby is a database administrator for the Sample Company with responsibility for granting access to the web console to her coworkers. Abby's coworkers can be grouped into three categories with different roles and different needs to access the web console:

Abby begins the configuration by creating a DB2 database that is dedicated to serve as the repository database. The repository database stores configuration settings and runtime data such as alert settings, jobs, and job history. Abby is an administrative user for the database and adds all users in the Administrator, Developer, and User categories as users of that database by configuring DB2 to use LDAP for the database server, and by creating LDAP groups for Administrator, Developer, and User.

Abby then installs Data Studio web console, and logs in to the web console in single-user mode as the default administrative user that is created when she installed the product.

Next Abby uses the Configuration Repository page in the Data Studio web console to select the new DB2 database as the repository database. After that, Abby configures the web console for multi-user mode by selecting repository database authentication to allow the repository database users to log in to the web console.

Abby uses the Console Security page to grant the users of the Administrator, Developer, and User groups access to the web console. Abby grants the Administrator group administrator rights on the web console, grants the Developers group operator rights, and grants the User group viewer rights. The users in those groups can now to log in to the web console with administrative or viewing rights.

Abby now uses the Databases page to add the required databases to the web console. Abby needs the connection information for each database, including a user ID and password for a user that has at least CONNECT authority on that database.
Tip: Initially, as the only database administrator for the repository database, Abby is the only user that can add database connections. By adding users to the Administrator and Developer groups, Abby can allow those users to add new database connections, and to grant other web console users permissions on the individual databases.

Finally, Abby uses the Manage Privileges page to give the Administrator and Developer groups the permissions that are required to monitor health and manage jobs by granting them Is Database Owner, Can Monitor and Can Manage Jobs rights on individual databases.


Feedback