Sun Identity Manager 8.1 Resources Reference

Chapter 11 DB2

The DB2 resource adapter is defined in the com.waveset.adapter.DB2ResourceAdapter class.

Adapter Details

Use this adapter to support user accounts for logging into DB2. If you have a custom DB2 table, see Chapter 10, Database Table, for information about using the Resource Adapter Wizard to create a custom DB2 table resource.

Resource Configuration Notes

DB2 offers two types of JDBC access, each of which requires a different driver.

Identity Manager Installation Notes

The DB2 resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

Procedure: Installing the DB2 Resource Adapter

  1. To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.

  2. Unzip the Db2\java\ file.

  3. Copy the db2java.jar file to the InstallDir\idm\WEB-INF\lib directory.

Usage Notes

DB2 performs authentication externally and authorization internally. Authentication is performed through an accountID/password that is passed on to an external certifier. By default, the operating system performs the authentication, but other programs can be used for this purpose.

Authorization is done by mapping the accountID internally to various permissions at the database, index, package, schema, server, table, and/or table space level. Granting authorization does not automatically authenticate the accountID. (Thus, you can authorize nonexistent accounts.) Revoking authorization does not remove publicly available authority from an accountID.

In general, you should place the DB2 application in a resource group that also includes the machine upon which it is installed.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JDBC over SSL to communicate with the DB2 adapter.

Required Administrative Privileges

The administrator must have SYSADM authority to grant DBADM authority. To grant other authorities, either DBADM or SYSADM authority is required.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Enable/disable account

Rename account

Pass-through authentication

Before/after actions

Data loading methods: Import from resource

Account Attributes

The following table lists the DB2 user account attributes. All attributes are Strings.

Resource User Attribute

Any comma-separated list of valid grants. For example: 

CONNECT ON MySchema.MyTable,DELETE ON MySchema.MyTable,INSERT ON MySchema.MyTable,SELECT ON MySchema.MyTable,UPDATE ON MySchema.MyTable
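
A pre-provisioning check for the comma-separated grants value described above, written as an added example; it is not code from Identity Manager or from the original page. The function names and the ALLOWED and ELEVATED policy sets are assumptions, and only unquoted entries of the form used in the page's example are accepted.

```python
import re

# One entry is "<PRIVILEGE> ON <object>", the shape of the page's example.
# Assumption: unquoted one- or two-part object names only.
_ENTRY = re.compile(r"([A-Z_]+)\s+ON\s+([A-Z_]\w*(?:\.[A-Z_]\w*)?)",
                    re.ASCII | re.IGNORECASE)
# Hypothetical site policy: privileges a provisioning form may request.
ALLOWED = {"CONNECT", "DELETE", "INSERT", "SELECT", "UPDATE"}
# Granting DBADM requires SYSADM (see Required Administrative Privileges).
ELEVATED = {"DBADM"}


def parse_grants(value):
    """Split the attribute into (privilege, object) pairs. Any entry that is
    not a plain '<PRIVILEGE> ON <object>' is rejected, so stray SQL text in
    the attribute never reaches a GRANT statement."""
    if not value.strip():
        return []
    grants = []
    for raw in value.split(","):
        m = _ENTRY.fullmatch(raw.strip())
        if m is None:
            raise ValueError(f"malformed grant entry: {raw.strip()!r}")
        # DB2 folds unquoted identifiers to upper case, so compare that way.
        grants.append((m.group(1).upper(), m.group(2).upper()))
    return grants


def review_grants(value):
    """Return (accepted, findings) for one grants attribute value."""
    accepted, findings, seen = [], [], set()
    for priv, obj in parse_grants(value):
        if (priv, obj) in seen:
            findings.append(f"duplicate: {priv} ON {obj}")
        elif priv in ELEVATED:
            findings.append(f"elevated authority needs approval: {priv} ON {obj}")
        elif priv not in ALLOWED:
            findings.append(f"privilege not in policy: {priv} ON {obj}")
        else:
            accepted.append((priv, obj))
        seen.add((priv, obj))
    return accepted, findings


def plan_changes(current, desired):
    """Grants to add and grants to revoke so that current matches desired."""
    cur, want = set(parse_grants(current)), set(parse_grants(desired))
    return sorted(want - cur), sorted(cur - want)
```

Because revoking a grant does not remove authority held through PUBLIC, the revoke list from plan_changes covers only what was granted to the accountID itself.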

Resource Object Management


Identity Template


Sample Forms



Use the Identity Manager debug pages to set trace options on the following class: