See information about the latest product version
Authorizing access to user databases
When you have created a user database, you must authorize the broker and its execution groups to access it.
Use the mqsisetdbparms command to specify a user ID and password that the broker can use to access each database. If you want to define a default user ID and password that the broker can use if you have not defined specific values for a particular database, run the mqsisetdbparms command and set the ResourceName to the value dsn::DSN with your chosen default user ID and password.
If you have migrated your broker from a previous release, the broker accessed a database for its own use, and you might have defined the user ID and password used to access that database by specifying a database connection user ID and password with the -u and -p parameters on the mqsicreatebroker command. Alternatively, you might have used the broker service user ID and its password (specified with the -i and -a parameters on the same command). When you migrate the broker, these parameters are migrated and stored, and are used by the migrated broker for access to databases that do not have specific ID access defined.
The following values and order of preference are used by the broker:
- First, on all platforms: The user ID and password that you have set for the specific database, by using the mqsisetdbparms and specifying the database in the -n parameter.
- Second, on all platforms: The user ID and password that you have set for all other databases, by using the mqsisetdbparms and specifying dsn::DSN in the -n parameter.
- Third, the values are platform-specific:
On Windows: The broker service ID and password that you specified on the mqsicreatebroker command.
On Linux and UNIX: The user ID mqsiUser and password ******** (these values are fixed).
On z/OS®: The user ID "" and password "", which cause the connection to be made with the broker started task user ID.
On z/OS only, if you do not specify a password when you specify dsn::DSN in the -n parameter, the broker connects to the DB2® database with its started task user ID. The broker uses the user ID that you have specified on the command when it creates a fully-qualified SQL statement, such as in ESQL, for stored procedures. For non-stored procedure SQL statements, where the schema is not specified, DB2 uses the CURRENTSQLID value. If you have not specified a CURRENTSQLID value, the broker uses the user ID that you specified on the mqsisetdbparms command. If you have not provided a user ID by using that command, DB2 uses the broker started task ID. If you want to check what user ID you set, or test that the password for a specific user ID is what you expect, you can use the mqsireportdbparms command.
- The user ID must be authorized to connect to the database.
- The user ID must have appropriate privileges on the user database objects that are accessed by the message flow; for example, tables, procedures, and indexes.
If you expect to deploy message flows that participate in globally coordinated transactions to a broker, you must provide additional authorization. For more information, see Configuring databases for global coordination of transactions.
The way that you authorize access depends on the database manager that you are using, and the platform on which you have created the database. The instructions might also vary from release to release of a single database. Consult your database administrator, or see the documentation for the appropriate database when you perform this task.
The following sections provide examples of the steps that you can take to provide the required authorization for specific databases:
DB2 authorization
To authorize access to a DB2 database, you can use either the DB2 Control Center or the DB2 command line:
Oracle authorization
To authorize access to an Oracle database:
- Log on as the Oracle database administrator (DBA) to the database using SQL*Plus.
- Modify the privileges of the user ID that you have specified for database connection to ensure that the broker can successfully access the database.
- If appropriate, increase the quota (disk space) available for table spaces associated with this database.