I am running a DB2 server (Linux 10.5 Express-C) which has two instances. How can I manage to which instance a user is connecting via the "DB2 connect to XXXX" command?
Let's pretend I have the following environment:
- Inst1: DB1, DB2 --> User DB2inst1
- Inst2: DB3, DB4 --> User DB2inst2
DB2inst1 can only connect to DB1 and DB2. What do I have to do to connect to a DB from the other instance?
When I create a new user, how can I manage to which instance (and DB) the user connects via the "DB2 connect to XXXX" command?
Study the docs about "GRANT CONNECT ON DATABASE", after you ensure that you have catalogued the databases between the DB2-instances (i.e. catalog a node for the other DB2-instance in each DB2-instance, then catalog the other databases on that node). If you arrange that the accounts db2inst1 and db2inst2 share at least one group (either the primary group or a secondary group) in Linux, then you can grant connect at group level instead of at user level. You might need to perform other grants as well (to achieve other things), particularly if you have revoked PUBLIC on any objects in each database. You can also assign ROLEs to users or groups, then grant to ROLEs.
Thanks for your advice. At the moment I am not working on the implementation of my described case. I am just trying to understand the general concepts of DB2.
So if I create a new Linux user which is part of the "PUBLIC" group, then, as I didn't revoke PUBLIC, the user should be able to connect to the databases.
If this new user tries to connect via "DB2 connect to XXXX", on which instance is he trying to connect to the DB?
Studying the documentation of DB2 (translated by IBM into your native language) is the way to learn, not asking questions on forums, because you will get only a small part of the answer based on the small number of facts that you give in your question. For the wider understanding, do your study carefully.
The DB2 PUBLIC is not an operating system group, it is a pseudo group. Yes, if PUBLIC has CONNECT rights on the database then all *authenticated* users can connect IF and ONLY IF the database (and the node it lives in) are correctly catalogued for the DB2-instance you have profiled.
For example: if you do this:
su - db2inst2
db2 connect to DB2
then it should work (without any password, because db2inst2 is already authenticated locally, and database DB-2 is now local to the DB2-instance called db2inst1 whose profile you have dotted in by the above action).
However, if you do not explicitly dot in the db2inst1 db2profile, then the default will be for db2inst2 to dot in its own db2profile ( . ~db2inst2/sqllib/db2profile), meaning that the only local databases in db2inst2 are DB3 and DB4, so they can be connected to directly without passwords by db2inst2. If you want to "remotely" connect (across DB2-instances) then you need to catalog the db2inst1 node inside db2inst2, and then catalog the remote database on that node inside db2inst2. Please study the documentation for the 'catalog tcpip node' and 'catalog database' commands.
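The cross-instance setup the replies describe (catalog the db2inst1 node inside db2inst2, catalog its databases on that node, and grant CONNECT to a shared group), as an added example that is not part of the thread. The node name INST1, host localhost, port 50000 and group dbshare are assumptions, and the script only prints the CLP statements so they can be reviewed before being run with `db2 -tvf`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: both instances on one host,
# db2inst1 listening on TCP port 50000 (its SVCENAME); INST1 and dbshare are
# hypothetical node and group names.

# Conservative check: DB2 node names and database aliases are at most 8 chars.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ]
}

# catalog_script NODE HOST PORT DB...   (this sketch takes numeric ports only)
# Prints statements to run as db2inst2: one node entry for the other
# instance, then one database entry per database living on that node.
catalog_script() {
    [ "$#" -ge 4 ] || { echo "usage: catalog_script NODE HOST PORT DB..." >&2; return 1; }
    node=$1; host=$2; port=$3; shift 3
    valid_name "$node" || { echo "bad node name: $node" >&2; return 1; }
    [ -n "$host" ] || { echo "missing host" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    for db in "$@"; do
        valid_name "$db" || { echo "bad database name: $db" >&2; return 1; }
    done
    echo "CATALOG TCPIP NODE $node REMOTE $host SERVER $port;"
    for db in "$@"; do echo "CATALOG DATABASE $db AT NODE $node;"; done
    echo "TERMINATE;"   # ends the CLP back-end so the directory cache is reread
}

# grant_script GROUP DB...
# Prints statements to run as db2inst1: CONNECT granted at group level.
grant_script() {
    [ "$#" -ge 2 ] || { echo "usage: grant_script GROUP DB..." >&2; return 1; }
    grp=$1; shift
    case "$grp" in ''|*[!A-Za-z0-9_]*) echo "bad group: $grp" >&2; return 1 ;; esac
    for db in "$@"; do
        valid_name "$db" || { echo "bad database name: $db" >&2; return 1; }
    done
    for db in "$@"; do
        echo "CONNECT TO $db;"
        echo "GRANT CONNECT ON DATABASE TO GROUP $grp;"
        echo "CONNECT RESET;"
    done
}

catalog_script INST1 localhost 50000 DB1 DB2   # run the output as db2inst2
grant_script dbshare DB1 DB2                   # run the output as db2inst1
```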