WebSphere Message Brokers
File: ah14460_
Writer: Kate Hostler

Task topic

This build: July 31, 2007 21:30:14

Authorizing access to the databases

When you have created a database, you must authorize the broker to access it. When you run the mqsicreatebroker command, you must specify at least one user ID for runtime authorization (the service user ID); you can specify a second user ID specifically for the broker to use when connecting to databases (the data source user ID). If you do not specify a separate data source user ID for connecting to databases, the broker uses its service user ID for database access as well.

The user ID that the broker uses to access databases must have the following authorizations:
  • The user ID must be authorized to connect to the database.
  • Before you can create a broker, the user ID must have authorization to create tables in the broker database.
  • The user ID must have appropriate privileges on the user database objects that are accessed by the message flow application; for example, tables, procedures, and indexes.

You specify the service user ID and its password with the -i and -a flags, and the optional database connection user ID and password with the -u and -p flags.

The way that you authorize access depends on the database manager you are using, and the platform on which you have created it. This topic provides instructions for the DB2 and Oracle database managers:

DB2 authorization

To authorize access to a DB2 database using the DB2 Control Center:

  1. Start the DB2 Control Center.
  2. Expand the object tree until you find the database that you created for the broker.
  3. Expand the tree under the database then click the User and Group Objects folder. The DB Users and DB Groups folders are displayed in the right pane.
  4. In the right pane, right-click the DB Users folder then click Add. The Add User notebook opens.
  5. From the list, click the user ID that you want to authorize to access the database (for example, mqsiuid). The user ID that you select must be the user ID that you specify to be used for database access when you create the broker. The user ID must exist on the operating system before you can select it; if it does not exist, define the user ID on the operating system.
  6. Select the appropriate options from the choices in the dialog that is labelled Choose the appropriate authorities to grant to the selected user for the database. The available options are:
    • Connect database
    • Create tables
    • Create packages
    • Register functions to execute in database manager's process
  7. Click OK. The authorities are granted. The dialog closes.
  8. Close the DB2 Control Center.

If you prefer, you can use the following commands instead of using the DB2 Control Center.

To authorize access to a DB2 database:

  1. Connect to the database with a user ID that has DB2 system administration (SYSADM or DBADM) authority (substitute the correct database and ID in this command):
    db2 connect to broker_db user SysAd_id
  2. Issue the following command to grant the required privileges to the user ID that the broker will use to connect to the database (substitute the correct ID for your broker in this command if you are not using the sample mqsiuid):
    db2 grant connect, createtab, bindadd, create_external_routine on database to user mqsiuid

For more information, see the documentation that is supplied with the DB2 Control Center. Your database administrator might also be able to offer advice and assistance.

Next, return to the instructions in Configuring databases.

Oracle authorization

You must have database administrator (DBA) privileges to authorize access to an Oracle database.

To authorize access to an Oracle database:

  1. Log on as the Oracle DBA (database administrator) to the database using SQL*Plus.
  2. Modify the privileges of the user ID that you have specified for database connection to ensure that the broker can successfully access the database. The user ID needs quota in its tablespaces and sufficient privilege to allow the creation of, and updates to, the broker tables:
    GRANT CREATE SESSION TO dbid;
    GRANT CREATE TABLE TO dbid;

If you expect to deploy message flows that participate in globally coordinated transactions to a broker, you must provide additional authorization. For more information, see Configuring databases for global coordination of transactions.

For further information, refer to the Oracle documentation.

Next, return to the instructions in Configuring databases.
Related concepts
Message flow transactions
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2007Copyright IBM Corporation 1999, 2007. All Rights Reserved.
This build: July 31, 2007 21:30:14

ah14460_ This topic's URL is: