Lotus Domino Administrator 8 Help - Mapping the DB2 ID to a Notes ID in the Domino server's Domino Directory

DOMINO AND DB2

Mapping the DB2 ID to a Notes ID in the Domino server's Domino Directory
IBM® Lotus® Domino™ and DB2 enables IBM® Lotus® Notes® applications to use query views to access IBM® DB2 Universal Database™ Enterprise Server Edition data and enables DB2 users to view and manipulate Notes data using Structured Query Language (SQL). Domino manages access to Notes data when the data is stored in an NSF file or in DB2, and also manages SQL access to Notes data. DB2 manages access to all other DB2 objects (tables).

Lotus Notes client users need a Notes ID and, if they require access to DB2 databases on a DB2 server, they also need a DB2 user ID. This DB2 ID, or user name, is an OS user name. Domino and DB2 use different methods for administering user accounts; therefore, users sometimes need to be explicitly "mapped" from one system to the other. User mappings are required for executing query views and for SQL access to Notes data stored in a Domino Access View (DAV). In the case of a DAV, the user connects to DB2 using a DB2 user ID and the mapping is used to associate a Notes user ID with the DB2 user for the purpose of checking server and Notes database permissions. No explicit user mapping or default user mapping is required for normal use of the Domino server, including access to DB2 enabled Notes databases.

Use the Domino Administrator to map an individual Notes user to a specific DB2 user name. If an explicit mapping of a DB2 user to a Notes user does not exist, you can set up a default DB2 user name that can be used in place of an explicit DB2 user mapping. This default DB2 user mapping is sufficient when working with most query views, but cannot be used with Domino Access Views. When querying a DAV, you must use an explicit user mapping.

When Domino executes a query view, Domino attempts to find a matching DB2 user name. If an explicit mapping is present, that mapping is used. If an explicit mapping does not exist, and a default DB2 user name is defined, Domino executes the query as the default DB2 user.

If you are using Notes query views to query DB2 data which is not managed by the Domino server (that is, data not in Notes databases), use explicit user mappings to associate a DB2 user ID with a Notes user ID for the purpose of checking DB2 privileges for these DB2 objects. If you are using Notes query views to view Notes databases stored in DB2, you can create and use a default user mapping. Notes security, that is ACLs and reader lists, is enforced in both cases.

When SQL is issued against DB2 tables, two security processes are used. First, standard DB2 security is used to check for access at the table level. The DB2 user ID is compared to the permissions granted to that user ID, and the request is approved or denied based on those permissions. Second, Domino ACL security is enforced when the SQL statement references data in a DAV -- data that originated in Notes Domino.

Applications using query views

If you have applications that use query views, create a default DB2 user for the query views. Query views are run using the users's Notes ID. Notes security with ACLs and reader lists is enforced.

Query views and DB2 federated data

DB2 federated data is the data that DB2 obtains from other relational databases such as Oracle. Create explicit user mappings or use a default user mapping. When you define a federated data wrapper in DB2, DB2 creates a local nickname for the foreign table. Access to this proxy object from a Notes query view is controlled by DB2 and the mapped DB2 user name is used. The connection to the federated database is accomplished using a special connection between Domino and the federated database. There is no user level grant and deny capability in the foreign datasource. Access to the foreign data is managed in the Domino database by controlling access to the nickname.

For more information about how to map user names, see the topic Mapping DB2 user names to Notes user names.

For more information about setting up and enabling a default DB2 user, see the topic Changing or deleting the default DB2 user name for use with query views.

Mapping DB2 user names to Notes user names

Use this procedure to map DB2 uses names to Notes user names.

1. From the Domino Administrator, click People and Groups.

2. Click People. Select the person for whom you are mapping a DB2 account user name to a Notes user name.

3. Click Tools - People - Set DB2 User Name.

4. Complete these fields, and then click OK.

Field Action

Copy from shortname field, if available Click this check box if there is an existing network account name in the Person document and you want to use the shortname.

Default format Choose a default name format. For example, LastName FirstName.
If "Enter Discrete Name" is chosen here, the Discrete Name field displays.

Separator Choose a separator to separate the name components. For example, an underscore character separates the first name from the last name.
If "Enter Custom pattern" is selected in the "Default format" field, the Separator field does not display.

Format pattern This field appears only if "Enter Custom pattern" is selected in the "Default format" field. Enter the custom pattern you want to use. For example, you could use FirstInitialLastName.
To view a list of the valid characters you can use to create a custom pattern, see the topic "Using formulas to create custom patterns in user names."

Discrete name This field displays if "Enter Discrete Name" is selected in the Default Format field.
Enter the user's discrete name, that is, a name you enter individually -- not a name generated by specifying a pattern.

Make resulting name uppercase Choose this option if you want to display the DB2 user name in uppercase characters.

Using formulas to create custom patterns in user names

When defining a custom pattern for creating user names, you can use the characters and symbols shown in the table below to create the custom patterns. Enter the custom patters in the Format Pattern field of the Set DB2 User Name dialog box.

Example

For example, you can create a formula for the custom pattern of LastName followed by the underscore character followed by the OrganizationName:

L_O

Character or Symbol	Represents
F	First name
L	Last name
M	Middle name
T	Title
G	Generation
O	Organization name
I	ID
C	Location
D	Department
V	Server
S	Short name
_	Underscore
.	Dot
=	Equal
%	Percent

If you are using a Microsoft® Windows® platform, return to the roadmap topic Setting up the DB2 Access server.

If you are using an IBM® AIX® platform, return to the roadmap topic Installing the DB2 Access server.

See also

Installation and setup procedures

Understanding Domino and DB2

Enabling the Domino server to communicate with the DB2 server

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Copy from shortname field, if available	Click this check box if there is an existing network account name in the Person document and you want to use the shortname.
Default format	Choose a default name format. For example, LastName FirstName. If "Enter Discrete Name" is chosen here, the Discrete Name field displays.
Separator	Choose a separator to separate the name components. For example, an underscore character separates the first name from the last name. If "Enter Custom pattern" is selected in the "Default format" field, the Separator field does not display.
Format pattern	This field appears only if "Enter Custom pattern" is selected in the "Default format" field. Enter the custom pattern you want to use. For example, you could use FirstInitialLastName. To view a list of the valid characters you can use to create a custom pattern, see the topic "Using formulas to create custom patterns in user names."
Discrete name	This field displays if "Enter Discrete Name" is selected in the Default Format field. Enter the user's discrete name, that is, a name you enter individually -- not a name generated by specifying a pattern.
Make resulting name uppercase	Choose this option if you want to display the DB2 user name in uppercase characters.