Sun Identity Manager 8.1 Resources Reference

Adapter Details

Use this adapter to support user accounts for logging into DB2. If you have a custom DB2 table, see Chapter 10, Database Table, for information about using the Resource Adapter Wizard to create a custom DB2 table resource.

Resource Configuration Notes

DB2 offers two types of JDBC access, each of which requires a different driver.

Identity Manager Installation Notes

The DB2 resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

Procedure: Installing the DB2 Resource Adapter

  1. To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.

    com.waveset.adapter.DB2ResourceAdapter

  2. Unzip the Db2\java\db2java.zip file.

  3. Copy the db2java.jar file to the InstallDir\idm\WEB-INF\lib directory.

Usage Notes

DB2 performs authentication externally and authorization internally. Authentication is performed through an accountID/password that is passed on to an external certifier. By default, the operating system performs the authentication, but other programs can be used for this purpose.

Authorization is done by mapping the accountID internally to various permissions at the database, index, package, schema, server, table, and/or table space level. Granting authorization does not automatically authenticate the accountID. (Thus, you can authorize nonexistent accounts.) Revoking authorization does not remove publicly available authority from an accountID.

In general, you should place the DB2 application in a resource group that also includes the machine upon which it is installed.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses JDBC over SSL to communicate with the DB2 adapter.

Required Administrative Privileges

The administrator must have SYSADM authority to grant DBADM authority. To grant other authorities, either DBADM or SYSADM authority is required.

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature                        Supported?

Enable/disable account         No
Rename account                 No
Pass-through authentication    No
Before/after actions           No
Data loading methods           Import from resource

Account Attributes

The following table lists the DB2 user account attributes. All attributes are Strings.

Resource User Attribute    Description

accountId                  Required.

grants                     Required. Any comma-separated list of valid grants. For example:

                           CONNECT ON MySchema.MyTable,DELETE ON MySchema.MyTable,INSERT ON MySchema.MyTable,SELECT ON MySchema.MyTable,UPDATE ON MySchema.MyTable
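A check that can be run on a grants value before it is assigned to an account, as an added example that is not part of the Identity Manager documentation or product code. It accepts only entries in the form shown in the example above (privilege ON schema.object); the privilege allow-list, the identifier rule and the name parse_grants are assumptions to adapt per site.

```python
import re

# Assumption: privileges this site permits. These five are the ones that
# appear in the example value above; adjust the set per site policy.
ALLOWED_PRIVILEGES = {"CONNECT", "DELETE", "INSERT", "SELECT", "UPDATE"}

# Assumption: ordinary unquoted identifiers only, so quotes, semicolons,
# comment markers and trailing clauses can never match.
_IDENT = r"[A-Za-z][A-Za-z0-9_]{0,127}"
_ENTRY = re.compile(rf"({_IDENT}) +ON +({_IDENT})\.({_IDENT})", re.IGNORECASE)

# Sample value copied from the attribute table above.
SAMPLE = ("CONNECT ON MySchema.MyTable,DELETE ON MySchema.MyTable,"
          "INSERT ON MySchema.MyTable,SELECT ON MySchema.MyTable,"
          "UPDATE ON MySchema.MyTable")


def parse_grants(value):
    """Validate a grants value; return sorted unique (privilege, schema, object) tuples.

    Raises ValueError naming the first entry that is malformed or not allowed.
    """
    if value is None or not value.strip():
        raise ValueError("grants is required and must not be empty")
    seen = set()
    for raw in value.split(","):
        entry = raw.strip()
        match = _ENTRY.fullmatch(entry)
        if match is None:
            raise ValueError(f"malformed grant entry: {entry!r}")
        privilege = match.group(1).upper()
        if privilege not in ALLOWED_PRIVILEGES:
            raise ValueError(f"privilege not in allow-list: {privilege}")
        seen.add((privilege, match.group(2), match.group(3)))
    return sorted(seen)


if __name__ == "__main__":
    for grant in parse_grants(SAMPLE):
        print(grant)
```

Grant forms outside this shape, such as database-level authorities or entries with extra clauses, are rejected by design and need their own reviewed rule.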

Resource Object Management

None

Identity Template

$accountId$

Sample Forms

None

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

com.waveset.adapter.DB2ResourceAdapter