DOMINO AND DB2
Lotus Notes client users need a Notes ID and, if they require access to DB2 databases on a DB2 server, they also need a DB2 user ID. This DB2 ID, or user name, is an OS user name. Domino and DB2 use different methods for administering user accounts; therefore, users sometimes need to be explicitly "mapped" from one system to the other. User mappings are required for executing query views and for SQL access to Notes data stored in a Domino Access View (DAV). In the case of a DAV, the user connects to DB2 using a DB2 user ID and the mapping is used to associate a Notes user ID with the DB2 user for the purpose of checking server and Notes database permissions. No explicit user mapping or default user mapping is required for normal use of the Domino server, including access to DB2 enabled Notes databases.
Use the Domino Administrator to map an individual Notes user to a specific DB2 user name. If an explicit mapping of a DB2 user to a Notes user does not exist, you can set up a default DB2 user name that can be used in place of an explicit DB2 user mapping. This default DB2 user mapping is sufficient when working with most query views, but cannot be used with Domino Access Views. When querying a DAV, you must use an explicit user mapping.
When Domino executes a query view, Domino attempts to find a matching DB2 user name. If an explicit mapping is present, that mapping is used. If an explicit mapping does not exist, and a default DB2 user name is defined, Domino executes the query as the default DB2 user.
If you are using Notes query views to query DB2 data which is not managed by the Domino server (that is, data not in Notes databases), use explicit user mappings to associate a DB2 user ID with a Notes user ID for the purpose of checking DB2 privileges for these DB2 objects. If you are using Notes query views to view Notes databases stored in DB2, you can create and use a default user mapping. Notes security, that is ACLs and reader lists, is enforced in both cases.
When SQL is issued against DB2 tables, two security processes are used. First, standard DB2 security is used to check for access at the table level. The DB2 user ID is compared to the permissions granted to that user ID, and the request is approved or denied based on those permissions. Second, Domino ACL security is enforced when the SQL statement references data in a DAV -- data that originated in Notes Domino.
Applications using query views
If you have applications that use query views, create a default DB2 user for the query views. Query views are run using the users's Notes ID. Notes security with ACLs and reader lists is enforced.
Query views and DB2 federated data
DB2 federated data is the data that DB2 obtains from other relational databases such as Oracle. Create explicit user mappings or use a default user mapping. When you define a federated data wrapper in DB2, DB2 creates a local nickname for the foreign table. Access to this proxy object from a Notes query view is controlled by DB2 and the mapped DB2 user name is used. The connection to the federated database is accomplished using a special connection between Domino and the federated database. There is no user level grant and deny capability in the foreign datasource. Access to the foreign data is managed in the Domino database by controlling access to the nickname.
For more information about how to map user names, see the topic Mapping DB2 user names to Notes user names.
For more information about setting up and enabling a default DB2 user, see the topic Changing or deleting the default DB2 user name for use with query views.
Mapping DB2 user names to Notes user names
Use this procedure to map DB2 uses names to Notes user names.
1. From the Domino Administrator, click People and Groups.
2. Click People. Select the person for whom you are mapping a DB2 account user name to a Notes user name.
3. Click Tools - People - Set DB2 User Name.
4. Complete these fields, and then click OK.
If "Enter Discrete Name" is chosen here, the Discrete Name field displays.
If "Enter Custom pattern" is selected in the "Default format" field, the Separator field does not display.
To view a list of the valid characters you can use to create a custom pattern, see the topic "Using formulas to create custom patterns in user names."
Enter the user's discrete name, that is, a name you enter individually -- not a name generated by specifying a pattern.
When defining a custom pattern for creating user names, you can use the characters and symbols shown in the table below to create the custom patterns. Enter the custom patters in the Format Pattern field of the Set DB2 User Name dialog box.
Example
For example, you can create a formula for the custom pattern of LastName followed by the underscore character followed by the OrganizationName:
If you are using a Microsoft® Windows® platform, return to the roadmap topic Setting up the DB2 Access server.
If you are using an IBM® AIX® platform, return to the roadmap topic Installing the DB2 Access server.
See also