IBM Integration Bus, Version 10.0.0.0 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Securing database connections

Set up security for a database connection, whether it is required by the database provider or optional.

Before you begin

About this task

Some databases require that all access is associated with a known user ID, for others this association is optional. For example, DB2® requires a data source login name and password on all connections.

Use the mqsisetdbparms command to specify a user ID and password that the integration node can use to access each database. The values for user ID and password are platform specific:

  1. Windows platformOn Windows: The integration node service ID and password that you specified on the mqsicreatebroker command.
  2. Linux platformUNIX platformOn Linux and UNIX: The user ID mqsiUser and password ******** (these values are fixed).
  3. z/OS platformOn z/OS®: The user ID "" and password "".

If you migrated your integration node from a previous release, the integration node accessed a database for its own use. You might have defined the user ID and password used to access that database by specifying a database connection user ID and password with the -u and -p parameters on the mqsicreatebroker command. Alternatively, you might have used the integration node service user ID and its password (specified with the -i and -a parameters on the same command). When you migrate the integration node, these parameters are migrated and stored, and are used by the migrated integration node for access to databases that do not have specific ID access defined. If you want to check what user ID you set, or test that the password for a specific user ID is what you expect, you can use the mqsireportdbparms command.

Steps for setting up security are specific to the type of database connection that you are using. Choose your database connection type to see the steps:

ODBC connections

About this task

If your ODBC data source requires you to define secure access, or if you want to implement security where this is optional, complete the following steps:

Procedure

  1. Identify the user IDs that you want to associate with the database connection, or create a user ID with a password, following the appropriate instructions for your operating system and database.
  2. Define the user IDs and passwords that the integration node can use to access a particular data source.
  3. Run the mqsisetdbparms command to create user IDs and passwords that can be used to access the data source from an integration node. Use the following format:
    mqsisetdbparms integrationNodeName -n data_source_name -u 
    database_userID -p database_userID_password

Results

You have secured access to your ODBC data source.

JDBC connections

About this task

If your JDBC database requires you to define secure access, or if you want to implement security where this is optional, complete the following steps:

Procedure

  1. Identify the user ID that you want to associate with the database connection, or create a user ID with a password, following the appropriate instructions for your operating system and database.
  2. Define a default user ID and password that the integration node can use if you do not define specific values for a particular database.
    1. Run the mqsisetdbparms command to associate the user ID and password with the security identity that is associated with the database. Use the following command format:
      mqsisetdbparms integrationNodeName -n security_identity -u userID -p password
    2. Specify the database connection type in the -n parameter. For example, if you want user ID myuserid with a password of secretpw to access a database on integration node INODE1, run the following command:
      mqsisetdbparms INODE1 -n jdbc::mySecurityIdentity -u myuserid -p secretpw

      In the example, the mySecurityIdentity is prefixed with jdbc:: to indicate the type of the connection for which the user ID and password are defined.

    3. Optional: If you want to use the same user ID and password for more than one database, you can specify a resource name on this command, as shown in the following example:
      mqsisetdbparms INODE1 -n jdbc::JDBC -u defaultuid -p defaultpw
  3. Update the corresponding securityIdentity property for the configurable service to associate the connection with the security identity that you have defined. Use the following command format:
    mqsichangeproperties integrationNodeName -c JDBCProviders -o service_name -n securityIdentity -v security_identity
    For example, if you are using the supplied JDBCProvider definition for Oracle:
    mqsichangeproperties INODE1 -c JDBCProviders -o Oracle -n securityIdentity -v mySecurityIdentity

Results

You have secured access to your JDBC databases. If you need to define user credentials that can be shared across a business area or account, you can reuse the same security identity that you defined in the previous steps in different JDBCProviders configurable services.

ah61320_.htm | Last updated 2015-03-27 19:26:48