Results 1 to 8 of 8
  1. #1
    Join Date
    Jul 2002
    Location
    Chapel Hill
    Posts
    9

    Red face Unanswered: Adding an authorized user

    I must be missing some core concept but I cannot seem to add a new user to DB2 7.2 for Linux. On my Windows 2000 installation, I create a OS user and then add it as a DB2 user using Control Center. Logged in as the default instance user (DB2INST1), no users are available in Control Center to associate. Do I need to be logged in as root or does the Linux user have to have some special permissions to allow it to be included in the list of available users? I am new to Linux but pretty familiar to with DB2, at least I thought I was.

    P. Alston

  2. #2
    Join Date
    Aug 2001
    Location
    UK
    Posts
    4,650

    Re: Adding an authorized user

    Add some privilege to the user and the id gets automatically added to the list of dbusers ....

    Cheers

    Sathyaram

    Originally posted by phalston
    I must be missing some core concept but I cannot seem to add a new user to DB2 7.2 for Linux. On my Windows 2000 installation, I create a OS user and then add it as a DB2 user using Control Center. Logged in as the default instance user (DB2INST1), no users are available in Control Center to associate. Do I need to be logged in as root or does the Linux user have to have some special permissions to allow it to be included in the list of available users? I am new to Linux but pretty familiar to with DB2, at least I thought I was.

    P. Alston

  3. #3
    Join Date
    Jul 2002
    Location
    Chapel Hill
    Posts
    9
    I tried that but when I try to connect using the account. I get an error message saying I am not an authorized user.


    SQL1046N The authorization ID is not valid. SQLSTATE=28000



    P. Alston

  4. #4
    Join Date
    Aug 2001
    Location
    UK
    Posts
    4,650
    Are you sure, you do not fall into any of the following scenario ...

    H:\>db2 ? SQL1046N

    SQL1046N The authorization ID is not valid.

    Explanation: The authorization specified at logon is not valid
    for either the data source or the database manager. One of the
    following occurred:

    o The authorization contains more than 30 characters for
    Windows platforms or 8 characters for other platforms.

    o The authorization contains characters not valid for an
    authorization. Valid characters are A through Z, a through z,
    0 through 9, #, @ and $.

    o The authorization is PUBLIC or public.

    o The authorization begins with SYS, sys, IBM, ibm, SQL or
    sql.

    o The authorization violates some data source-specific naming
    convention.



    The command cannot be processed.

    User Response: Log on with a valid authorization ID.

    Federated system users: if necessary isolate the problem to the
    data source rejecting the request (see the problem determination
    guide for procedures to follow to identify the failing data
    source) and use an authorization ID valid for that data source.

    sqlcode: -1046

    sqlstate: 28000


    Originally posted by phalston
    I tried that but when I try to connect using the account. I get an error message saying I am not an authorized user.


    SQL1046N The authorization ID is not valid. SQLSTATE=28000



    P. Alston

  5. #5
    Join Date
    Jul 2002
    Location
    Chapel Hill
    Posts
    9
    I wonder if I do not have some necessary authority in Linux to be able to add an OS user to DB2 using the Control Center. I was under the assumption that you had to have a Linux user to correspond to the DB2 user? Am I wrong? I commented below as well. I appreciate your help.

    P. Alston

    Quote:
    Are you sure, you do not fall into any of the following scenario ...
    [PA:] I don't think so...

    H:\>db2 ? SQL1046N

    SQL1046N The authorization ID is not valid.

    Explanation: The authorization specified at logon is not valid
    for either the data source or the database manager. One of the
    following occurred:

    o The authorization contains more than 30 characters for
    Windows platforms or 8 characters for other platforms.

    [PA:] I am running Red Hat Linux 7.3 and Linux newbie. I assume user names can belonger than 8 characters.

    o The authorization contains characters not valid for an
    authorization. Valid characters are A through Z, a through z,
    0 through 9, #, @ and $.

    [PA:]The user name is tranclient.

    o The authorization is PUBLIC or public.
    [PA:] Not sure what this means...

    o The authorization begins with SYS, sys, IBM, ibm, SQL or
    sql.

    o The authorization violates some data source-specific naming
    convention.

    [PA:] I have not set any conventions.


    The command cannot be processed.

    User Response: Log on with a valid authorization ID.

    Federated system users: if necessary isolate the problem to the
    data source rejecting the request (see the problem determination
    guide for procedures to follow to identify the failing data
    source) and use an authorization ID valid for that data source.

    sqlcode: -1046

    sqlstate: 28000

  6. #6
    Join Date
    Aug 2001
    Location
    UK
    Posts
    4,650
    AFAIk, you need to have db2 privelages on the object you are granting privilege on ... For eg, to grant select on a table, you should be SYSADM, DBADM, owner of the table or have SELECT WITH GRANT OPTION (i possibly have missed a few other things) ...

    Have you tried to grant the privilege from a command line and come back to your control centre to see if the user is added ...

    HTH

    Cheers

    Sathyaram

  7. #7
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    I am not sure if I understand the scenario properly, but here is what I just tried using DB2 8.1 FP2 on Red Hat Linux 9. Client access (to test security) was from Windows 2000 running DB2 connect V7.2 FP9.

    1. Logged on Linux as root.
    2. Created Linux user id called DB2USR (not made part of any existing DB2 group)
    3. su to [db2instance owner]
    4. Started db2cc (control center)
    5. Went to Sample database and selected “Users and Groups”, then “DB Users”
    6. Then right clicked on DB Users and selected "Add..."
    7. Added DB2USR as a user
    8. Gave select access (only) to all tables in SAMPLE database with schema name [db2instance owner]. These are the "user tables" in the SAMPLE database and do not include catalog tables..
    9. Went back to Windows 2000 and added DB2USR as User on Windows (not made part of any Windows admin group).
    10. Opened DB2 Command Center on Windows 2000 and connected to SAMPLE database with user = "db2usr"
    11. Performed Select against [instance owner].EMPLOYEE (the SAMPLE database was created by the instance owner). Worked fine.
    12. Tried to update row in [instance owner].EMPLOYEE. Was informed that I did not have privilege to perform operation (as expected since I only granted DB2USR select access).

    Everything seems to work fine.

  8. #8
    Join Date
    Mar 2003
    Posts
    4
    one small thing to be noted: Your userid should be less than 8 characters. I recently faced this problem and came to know that the only reason for my ID not working was that it was about 10 characters. when i reduced the length of the userid to 8 characters, it worked. btw, i am talking about linux environment!!!!

    hth,
    dotyet




    Originally posted by sathyaram_s
    Are you sure, you do not fall into any of the following scenario ...

    H:\>db2 ? SQL1046N

    SQL1046N The authorization ID is not valid.

    Explanation: The authorization specified at logon is not valid
    for either the data source or the database manager. One of the
    following occurred:

    o The authorization contains more than 30 characters for
    Windows platforms or 8 characters for other platforms.

    o The authorization contains characters not valid for an
    authorization. Valid characters are A through Z, a through z,
    0 through 9, #, @ and $.

    o The authorization is PUBLIC or public.

    o The authorization begins with SYS, sys, IBM, ibm, SQL or
    sql.

    o The authorization violates some data source-specific naming
    convention.



    The command cannot be processed.

    User Response: Log on with a valid authorization ID.

    Federated system users: if necessary isolate the problem to the
    data source rejecting the request (see the problem determination
    guide for procedures to follow to identify the failing data
    source) and use an authorization ID valid for that data source.

    sqlcode: -1046

    sqlstate: 28000

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •