User roles

These are the different roles and authorizations for users of Net Search Extender:

DB2 instance owner

The DB2 instance owner can start and stop the instance services for DB2 Net Search Extender and control the locking services. In addition, the DB2 instance owner becomes DBADM for each enabled database. This provides a central point of control for all database changes driven by DB2 Net Search Extender.

Required DB2 authorizations
DBADM is granted on ENABLE DATABASE.
Required file system authorizations
Read and write access for all text index directories and read access to model files.
Commands for the instance owner
DB2TEXT START, DB2TEXT STOP, and DB2TEXT CONTROL.

These commands are allowed only on the server. In a distributed DB2 environment, this can be any of the servers. Each command checks whether the user running it is the DB2 instance owner. Note that using a separate fenced user ID on UNIX systems does not influence Net Search Extender processing in terms of authorization or performance.

Database administrators

Database administrators can enable and disable databases for use with DB2 Net Search Extender.

Required DB2 authorizations
DBADM (SYSADM for ENABLE DATABASE).
Commands for the database administrator
DB2TEXT ENABLE DATABASE and DB2TEXT DISABLE DATABASE.

Text table owners

The text table owner can create, drop, and change indexes. Note that text table owners must be able to control the location of indexes and updates to the full-text indexes.

Required DB2 authorizations and privileges
Owner of text table.
Commands for the text table owner
DB2TEXT CREATE INDEX, DB2TEXT DROP INDEX, DB2TEXT ALTER INDEX, DB2TEXT ACTIVATE CACHE, DB2TEXT DEACTIVATE CACHE, DB2TEXT UPDATE INDEX, DB2TEXT CLEAR EVENTS, and DB2EXTTH.

Note that the command implementation partially runs under the user ID of the DB2 instance owner. Therefore, grant the instance owner the necessary file system access before creating or altering the text indexes.
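
The file system requirements listed for the instance owner (read and write access to text index directories, read access to model files) can be verified before a text index is created or altered. The script below is an added example, not part of the product or its documentation; the function names and the colon-separated path arguments are assumptions, and it is meant to be run as the DB2 instance owner.

```shell
#!/bin/sh
# Added example: run AS the DB2 instance owner before creating or altering
# a text index. Function names and argument format are assumptions.

# Text index directories need read and write access; search (x) is also
# checked because files inside a directory cannot be reached without it.
check_index_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "FAIL index directory missing: $dir"
        return 1
    fi
    missing=""
    [ -r "$dir" ] || missing="$missing read"
    [ -w "$dir" ] || missing="$missing write"
    [ -x "$dir" ] || missing="$missing search"
    if [ -n "$missing" ]; then
        echo "FAIL index directory $dir lacks:$missing"
        return 1
    fi
    echo "OK   index directory $dir"
}

# Model files only need read access.
check_model_file() {
    file=$1
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "FAIL model file not readable: $file"
        return 1
    fi
    echo "OK   model file $file"
}

# nse_preflight "DIR1:DIR2" "FILE1:FILE2"
# Returns the number of failing paths; 0 means every check passed.
nse_preflight() {
    failures=0
    old_ifs=$IFS
    IFS=:
    for d in $1; do check_index_dir "$d" || failures=$((failures + 1)); done
    for f in $2; do check_model_file "$f" || failures=$((failures + 1)); done
    IFS=$old_ifs
    return "$failures"
}

# Runs only when paths are passed on the command line.
[ "$#" -eq 0 ] || nse_preflight "$1" "${2:-}"
```

A non-zero exit status is the number of paths that still need access granted to the instance owner.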