Adapter Details
Use this adapter to support user accounts for logging into DB2. If you have a custom DB2 table, see Chapter 10, Database Table for information about using the Resource Adapter Wizard to create a custom DB2 table resource.
Resource Configuration Notes
DB2 offers two types of JDBC access, each of which requires a different driver.
-
The application driver (COM.ibm.db2.jdbc.app.DB2Driver) requires local client software and a local database instance.
Because DB2 runs on a separate (often dedicated) host in most production environments, the local database instance usually contains an alias to the remote database instance. In this configuration, the local database instance uses a DB2-specific protocol to communicate with the remote database instance. This type of driver is the default on the DB2 Resource Parameters page.
-
The network driver (COM.ibm.db2.jdbc.net.DB2Driver) does not require local client software or a local database.
This driver does require that the DB2 Java Daemon (db2jd) be running on the target server. (In most production environments, the target server is a separate host, but the network driver works as well with a local database instance.)
This daemon is not started by default, but the database administrator can start it manually or configure it to start automatically when the database instance starts.
Identity Manager Installation Notes
The DB2 resource adapter is a custom adapter. You must perform the following steps to complete the installation process:
Installing the DB2 Resource Adapter
-
To add this resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.
com.waveset.adapter.DB2ResourceAdapter
-
Unzip the Db2\java\db2java.zip file.
-
Copy the db2java.jar file to the InstallDir\idm\WEB-INF\lib directory.
Usage Notes
DB2 performs authentication externally and authorization internally. Authentication is performed through an accountID/password that is passed on to an external certifier. By default, the operating system performs the authentication, but other programs can be used for this purpose.
Authorization is done by mapping the accountID internally to various permissions at the database, index, package, schema, server, table, and/or table space level. Granting authorization does not automatically authenticate the accountID. (Thus, you can authorize nonexistent accounts.) Revoking authorization does not remove publicly available authority from an accountID.
In general, you should place the DB2 application in a resource group that also includes the machine upon which it is installed.
Security Notes
This section provides information about supported connections and privilege requirements.
Supported Connections
Identity Manager uses JDBC over SSL to communicate with the DB2 adapter.
Required Administrative Privileges
The administrator must have SYSADM authority to grant DBADM authority. To grant other authorities, either DBADM or SYSADM authority is required.
Provisioning Notes
The following table summarizes the provisioning capabilities of this adapter.
|
Feature |
Supported? |
|---|---|
|
Enable/disable account |
No |
|
Rename account |
No |
|
Pass-through authentication |
No |
|
Before/after actions |
No |
|
Data loading methods |
Import from resource |
Account Attributes
The following table lists the DB2 user account attributes. All attributes are Strings.
|
Resource User Attribute |
Description |
|---|---|
|
accountId |
Required. |
|
grants |
Required. Any comma-separated list of valid grants. For example: CONNECT ON MySchema.MyTable,DELETE ON MySchema.MyTable,INSERT ON MySchema.MyTable,SELECT ON MySchema.MyTable,UPDATE ON MySchema.MyTable |
Resource Object Management
None
Identity Template
$accountId$
Sample Forms
None
Troubleshooting
Use the Identity Manager debug pages to set trace options on the following class:
com.waveset.adapter.DB2ResourceAdapter
- © 2010, Oracle Corporation and/or its affiliates