Authorizing access to broker databases

When you have created a broker database, you must authorize the broker and its execution groups to access it.

Before you start: create the databases.

When you run the mqsicreatebroker command, you must specify at least one user ID for runtime authorization (the service user ID); you can optionally specify a second user ID that the broker uses when connecting to databases (the data source user ID). If you do not specify a separate data source user ID for connecting to databases, the broker uses its service user ID for database access as well.

You specify the service user ID and its password with the -i and -a parameters, and the optional database connection user ID and password with the -u and -p parameters.

Start of changeIf you want to use a different user ID and password for a particular database, you can set up or change the authorization by using the mqsisetdbparms command. End of change

Start of changeIf you want to change the service user ID or password, or the data source password, after you have created the broker, use the mqsichangebroker command; you cannot change the data source user ID. End of change

The user ID that the broker uses to access databases must have the following authorizations:
  • The user ID must be authorized to connect to the database.
  • Before you can create a broker, the user ID must have authorization to create tables in the broker database.
  • The user ID must have appropriate privileges on the user database objects that are accessed by the message flow application; for example, tables, procedures, and indexes.

If you expect to deploy message flows that participate in globally coordinated transactions to a broker, you must provide additional authorization. For more information, see Configuring databases for global coordination of transactions.

Start of changeThe way that you authorize access depends on the database manager you are using, and the platform on which you have created the database. The instructions might also vary from release to release of a single database. Consult your database administrator, or see the documentation for the appropriate database when you perform this task.End of change

The following sections provide examples of the steps to complete to provide the required authorization for specific databases:

DB2 authorization

To authorize access to a DB2® database, you can use either the DB2 Control Center or the DB2 command line:

Next: If you have been following the instructions in Configuring broker databases, the next task is Configuring databases for global coordination of transactions.

Oracle authorization

You must have database administrator (DBA) privileges to authorize access to an Oracle database.

To authorize access to an Oracle database:

  1. Log on as the Oracle database administrator (DBA) to the database by using SQL*Plus.
  2. Modify the privileges of the user ID that you have specified for database connection to ensure that the broker can successfully access the database. The user ID needs quota in its tablespaces and sufficient privilege to allow the creation of, and updates to, the broker tables:
    GRANT CREATE SESSION TO dbid;
    GRANT CREATE TABLE TO dbid;
Next: If you have been following the instructions in Configuring broker databases, the next task is Configuring databases for global coordination of transactions.
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2009Copyright IBM Corporation 1999, 2009. All Rights Reserved.
Last updated : 2009-01-07 15:40:29

ah14460_