Scenario: Managing access and privileges for web console users

In this scenario, Abby, a database administrator for Sample Company uses a DB2® repository database with LDAP user management to give users of the company access to the web console and to grant the users the required privileges to work with the Data Studio web console product.
To complete the parts of the scenario, Abby uses the following web console pages of Data Studio web console:
Abby is a database administrator for the Sample Company with responsibility for installing and managing a Data Studio web console server, and granting access to the product web console to her coworkers. Abby's coworkers can be grouped into three categories with different roles and different needs to access the web console:

Abby begins the configuration by creating a DB2 database that is dedicated to serve as the repository database for the Data Studio web console. The repository database stores configuration settings and runtime data such as alert settings, jobs, and job history. Abby is an administrative user for the database and adds all users in the Admin, Developer, and User categories as users of that database by configuring DB2 to use LDAP for the database server, and by creating LDAP groups for Admin, Developer, and User.

Abby then installs Data Studio web console, and logs in to the web console in single-user mode as the default administrative user that is created when she installed the product.

Next Abby uses the Configuration Repository page in the Data Studio web console to select the new DB2 database as the repository database. After that, Abby configures the web console for multi-user mode by selecting repository database authentication to allow the repository database users to log in to the web console.

Abby uses the Console Security page to grant the users of the Admin, Developer, and User groups access to the web console. Abby grants the Admin and Developer groups administrator rights on the web console, and she grants the User group viewer rights. The users in those groups can now to log in to the web console with administrative or viewing rights.

Abby now uses the Databases page to add the required databases to the web console. Abby needs the connection information for each database, including a user ID and password for a user that has at least CONNECT authority on that database.
Tip: Initially, as the only database administrator for the repository database, Abby is the only user that can add database connections to Data Studio web console. By granting users in the Admin or Developer groups INSERT and DELETE privileges on the following repository database tables in the IBMPDQ schema, Abby can allow those users to add new database connections, and to grant other web console users permissions on the individual databases.
  • MANAGED_DATABASE
  • MANAGED_DATABASE_PROPS
  • PROFILE
  • PROFILE_PROPS

Finally, Abby uses the Manage Privileges page to give the Admin and Developer groups the permissions that are required to monitor health and manage jobs by granting them Can Monitor and Can Manage Jobs rights on individual databases.


Feedback