Authorizing access to the databases

When you have created a broker database, you must authorize the owning component to access it. When you invoke the mqsicreatebroker command, you must specify at least one ID for runtime authorization; you can specify a second ID specifically for database connect authorization. If you do not specify the second ID, the component uses its runtime ID (the service user ID) for database access as well.

You specify the service user ID and its password with the -i and -a flags, and the optional database connection ID and password with the -u and -p flags.

The way that you authorize access depends on the database you are using, and the platform on which you have created it.

DB2 authorization

To authorize access to a DB2 database on Windows:

  1. Start the DB2 Control Center, if it is not already active.
  2. Expand the object tree until you find the database you created for the broker.
  3. Expand the tree under this database and select the User and Group Objects folder. The DB Users and DB Groups folders are displayed in the right pane.
  4. Right-click the DB Users folder in the right pane and select Add. The Add User notebook opens.
  5. Select the user ID you want to authorize to access the database (for example, mqsiuid) from the drop-down list. The ID you select must be the user ID that you specify to be used for database access when you create the broker. The drop-down list contains all user IDs that are defined to Windows. If you cannot see the user ID you specified in the command, you must define it before you can give it authority.
  6. Select the appropriate options from the choices in the box labelled Choose the appropriate authorities to grant to the selected user for the database. These are:
    • Connect database
    • Create tables
    • Create packages
    • Register functions to execute in database manager's process
  7. Click OK. The authorities are granted. The dialog closes.
  8. Close the DB2 Control Center.

If you prefer, you can use the command line commands shown below for UNIX platforms (for a broker database); the commands are the same on Windows.

To authorize access to a DB2 database on Linux and UNIX:

  1. Connect to the database with a user ID that has DB2 system administration (SYSADM or DBADM) authority (substitute the correct database and ID in this command):
    db2 connect to broker_db user SysAd_id
  2. Issue the following command to grant the required privileges to the user ID that the broker will use to connect to the database (substitute the correct ID for your broker in this command if you are not using the sample mqsiuid):
    db2 grant connect, createtab, bindadd, create_external_routine on database to user mqsiuid

If you need further guidance about any of these tasks, use the online help facility of the DB2 Control Center. Your database administrator might also be able to offer advice and assistance.

Oracle authorization

To authorize access to an Oracle database:

  1. Logon to the database using SQL*Plus as the Oracle DBA (database administrator).
  2. Modify the privileges of the user ID that you have specified for database connection to ensure that the broker can successfully access the database. The user ID needs quota in its tablespaces and sufficient privilege to allow the creation of, and updates to, the broker tables:
    GRANT CREATE SESSION TO dbid;
    GRANT CREATE TABLE TO dbid;

If you expect to deploy message flows that participate in coordinated transactions to a broker, you must provide additional authorization. This task is described in Configuring databases for coordinated message flows.

For further information, refer to the Oracle documentation, or consult your database administrator.

Related concepts
Message flow transactions