In this scenario, Abby, a database administrator
for Sample Company uses a DB2® repository
database with LDAP user management to give users of the company access
to the web console and to grant the users the required privileges
to work with the Data Studio web console product.
To complete
the parts of the scenario, Abby uses the following web console pages
of
Data Studio web console:
- Configuration Repository
- Console Security
- Database
Abby is a database administrator for the Sample Company with responsibility
for installing and managing a
Data Studio web console server,
and granting access to the product web console to her coworkers. Abby's
coworkers can be grouped into three categories with different roles
and different needs to access the web console:
- The Admin category consists of database administrators that need
information about the health and availability of the databases that
they manage.
- The Developer category consists of database application developers
that need to configure administrative jobs on a number of databases.
- The User category makes up the remainder of Abby's co-workers,
who need only basic login rights to the web console and who do not
need any administrative rights.
Abby begins the configuration by creating a DB2 database that is dedicated
to serve as the repository database for the Data Studio web console.
The repository database stores configuration settings and runtime
data such as alert settings, jobs, and job history. Abby is an administrative
user for the database and adds all users in the Admin, Developer,
and User categories as users of that database by configuring DB2 to use LDAP for the
database server, and by creating LDAP groups for Admin, Developer,
and User.
Abby then installs Data Studio web console, and logs in to
the web console in single-user mode as the default administrative
user that is created when she installed the product.
Next Abby uses the Configuration Repository page
in the Data Studio web console to select
the new DB2 database
as the repository database. After that, Abby configures the web console
for multi-user mode by selecting repository database authentication
to allow the repository database users to log in to the web console.
Abby uses the Console Security page to grant
the users of the Admin, Developer, and User groups access to the web
console. Abby grants the Admin and Developer groups administrator rights
on the web console, and she grants the User group viewer rights.
The users in those groups can now to log in to the web console with
administrative or viewing rights.
Abby now uses the
Databases page to add the
required databases to the web console. Abby needs the connection information
for each database, including a user ID and password for a user that
has at least
CONNECT authority on that database.
Tip: Initially, as the only database administrator for the repository
database, Abby is the only user that can add database connections
to
Data Studio web console.
By granting users in the Admin or Developer groups
INSERT and
DELETE privileges
on the following repository database tables in the
IBMPDQ schema,
Abby can allow those users to add new database connections, and to
grant other web console users permissions on the individual databases.
- MANAGED_DATABASE
- MANAGED_DATABASE_PROPS
- PROFILE
- PROFILE_PROPS
Finally, Abby uses the Manage Privileges page
to give the Admin and Developer groups the permissions that are required
to monitor health and manage jobs by granting them Can Monitor and Can
Manage Jobs rights on individual databases.