Start of change

Authorizing access to the databases

When you have created the configuration repository or a broker database, you must authorize the owning component to access it. When you invoke the mqsicreateconfigmgr or mqsicreatebroker command, you must specify at least one ID for runtime authorization; you can specify a second ID specifically for database connect authorization. If you do not specify the second ID, the component uses its runtime ID (the service user ID) for database access as well.

You specify the service user ID and its password with the -i and -a flags, and the optional database connection ID and password with the -u and -p flags.

The way that you authorize access depends on the database you are using, and the platform on which you have created it.

DB2 authorization

To authorize access to a DB2 database on Windows:

  1. Start the DB2 Control Center, if it is not already active.
  2. Expand the object tree until you find the database you created for the broker.
  3. Expand the tree under this database and select the User and Group Objects folder. The DB Users and DB Groups folders are displayed in the right pane.
  4. Right-click the DB Users folder in the right pane and select Add. The Add User notebook opens.
  5. Start of changeSelect the user ID you want to authorize to access the database (for example, mqsiuid) from the drop-down list. This must be the user ID that you specify to be used for database access when you create the Configuration Manager or broker. The drop-down list contains all user IDs that are defined to Windows. If you cannot see the user ID you specified in the command, you must define it before you can give it authority.End of change
  6. Select the appropriate options from the choices in the box labelled Choose the appropriate authorities to grant to the selected user for the database. These are:
    • Connect database
    • Create tables
    • Create packages
    • Register functions to execute in database manager's process
  7. Click OK. The authorities are granted. The dialog closes.
  8. Close the DB2 Control Center.

Start of changeIf you prefer, you can use the command line commands shown below for UNIX platforms (for broker database and configuration repository); the commands are the same on Windows.End of change

Start of changeTo authorize access to a DB2 database on UNIX:End of change

Start of change
  1. Connect to the database with a user ID that has DB2 system administration (SYSADM or DBADM) authority (substitute the correct database and ID in this command):
    db2 connect to <broker_db> user <SysAd_id>
  2. Issue the following command to grant the required privileges to the user ID that the broker will use to connect to the database (substitute the correct ID for your broker in this command if you are not using the sample mqsiuid):
    db2 grant connect, createtab, bindadd, create_external_routine to user mqsiuid
End of change

If you need further guidance about any of these tasks, use the online help facility of the DB2 Control Center. Your database administrator might also be able to offer advice and assistance.

Oracle authorization

To authorize access to an Oracle database.

  1. Start of changeLogon to the database using SQL*Plus as the Oracle DBA (database administrator).End of change
  2. Modify the privileges of the user ID that you have specified for database connection to ensure that the broker can successfully access the database. The user ID needs a minimum of connect, resource, and create table privileges:
    GRANT CONNECT TO dbid;
    GRANT RESOURCE TO dbid;
    GRANT CREATE TABLE TO dbid;

Start of changeIf you expect to deploy message flows that participate in coordinated transactions to a broker, you must provide additional authorization. This is described in Configuring databases for coordinated message flows.End of change

For further information, refer to the Oracle documentation, or consult your database administrator.

Related concepts
Coordinated message flows

Related tasks
Creating a DB2 database on Windows
Creating a DB2 database on UNIX platforms
Connecting to the databases
Configuring databases for coordinated message flows

Related reference
Supported databases
mqsicreatebroker command



End of change