To each user of the web console, you will first grant access to the web console, and then grant access to the specific tasks the user will perform using the web console.
The first tier of user access is to the web console. The web console products provide the repository database authentication method for access to the web console. All users that are allowed to connect to the repository database can be granted access privileges to the web console.
To set up web console access, you must ensure that the repository database is set-up with an authentication method such as local operating system, Lightweight Directory Access Protocol (LDAP), or NIS+.
For example, if you want to use LDAP to authenticate users through the repository database, you must ensure that the DB2 instance on which you install the product is configured to use LDAP authentication (see Using LDAP with repository database authentication).
Use the Console Security page of the web console to grant web console privileges such as Viewer or Administrator to each user that is defined for the repository database. Both Viewer and Administrator privileges allow a user to log on to the web console, but only users with Administrator privileges can change global settings.
The second tier of user access is to the different types of data and task permitted for a specific database. You grant these privileges to users of an individual database on the Grant and Revoke tab of the Manage Privileges page. These privileges, which might include the Can Monitor privilege, the Can Manage Alerts privilege, and the Can Manage Jobs privilege, apply only after the user logs in to the web console.
An administrator can use the Enable and Disable tab of the Manage Privileges page to configure the requirement for the various privileges for each database. If a privilege requirement is disabled for a database, all web console users can do actions that are normally restricted by that privilege. For example, if the Can Manage Jobs privilege requirement is disabled, all web console users can create and manage jobs.
For example, to force an application from the Current Application Connections page, the user ID used to connect to the database must have at least SYSADM, SYSCTRL, or SYSMAINT authority on that database.