Chapter 4. Security 127
As we see in Figure 4-7, DB2 does not list the members of the domain
DB2TEST, but does list its local groups and users.
Figure 4-7 User IDs taken from the local SAM of the server LOCHNESS
4.1.2 User ID and group name enhancements
Naming rules now have the following enhancements:
• Additional special characters in user IDs and group names are allowed
(!%&(){}-.^~ and space). For example:
Joe F. Miller, Hans-Peter Sonderegger
Figure 4-8 on page 128 shows connecting to a DB2 database with a user ID
that has a special character.
128 DB2 UDB V8.2 on the Windows Environment
Figure 4-8 Logon with a user name with special characters in DB2 Control Center
Example 4-1 shows connecting to a database from the DB2 Command Processor
using a user ID with a special character.
Example 4-1 User ID with special character
db2 => connect to sample user "Joe F. Miller"
Enter current password for Joe F. Miller:
Database Connection Information
Database server = DB2/NT 8.2.0
SQL authorization ID = JOE F. M...
Local database alias = SAMPLE
• User names can contain up to 30 characters. Figure 4-9 on page 129 shows
a user with a long name.
For example, this will work:
GRANT DBADM ON DATABASE TO USER 'HANS-PETER SONDEREGG';
Attention: Be sure to put the user name between single quotes in a DB2
Command Window. Double quotes work on the DB2 Command Processor
and the DB2 Command Editor, but not on the DB2 Command Window.
Note: If you complete the name so that it matches the user name in the
Windows Active Directory, you will not be able to connect to DB2 with this
user ID. Leave it as proposed in the DB2 Control Center. Remember this
also for GRANT statements, otherwise they will not have the desired effect.
Truncate the user ID to 20 characters.
This will not:
GRANT DBADM ON DATABASE TO USER 'HANS-PETER SONDEREGGER';
Figure 4-9 Long user names
• Group names can contain up to 30 characters
Security mechanism group names are no longer limited to eight characters
and can contain special characters. This is also valid for SYSADM_GROUP,
SYSCTRL_GROUP, SYSMAINT_GROUP, and SYSMON_GROUP. For
example:
A local or global Windows group can be called “Sales Representatives
Global” or “Scrapping & Waste Disposal” (Figure 4-10 on page 130).
DB2 reads user ID and group memberships from the underlying operating
system, so it does not need its own mechanism to maintain them.
Figure 4-10 Long group names
• Two-part names on CONNECT and ATTACH that contain a Windows domain
name and the user ID are allowed.
Figure 4-11 shows an example of logging on from Control Center with a long
user name.
Figure 4-11 Logon with a long user name in DB2 Control Center specifying domain
• Specifying the Windows domain name avoids network traffic associated with
looking up the user name in the trusted domain forest. This can result in faster
connect time.
For example, Joe F. Miller’s account was created in the Windows domain
DB2TEST:
connect to sample user "DB2TEST\Joe F. Miller" using password
Using two-part names also avoids ambiguity as to which account is being
used (for example, two accounts named Bob but in different domains and
belonging to different groups).
Following are some examples of using enhanced user names. The examples
with syntax that works are:
• In the GUI-based DB2 Command Editor and the DB2 Command Line
Processor
connect to sample user "Joe F. Miller" using password
connect to sample user 'Joe F. Miller' using password
connect to sample user "DB2TEST\Joe F. Miller" using password
connect to sample user 'DB2TEST\Joe F. Miller' using password
• In the DB2 Command Window
db2 connect to sample user 'Joe F. Miller' using password
db2 connect to sample user 'DB2TEST\Joe F. Miller' using password
Examples that do not have valid syntax are:
• In the GUI-based DB2 Command Editor and the DB2 Command Line
Processor
connect to sample user Joe F. Miller using password
connect to sample user DB2TEST\Joe F. Miller using password
connect to sample user 'DB2TEST\Joe F. Miller' using password
• In the DB2 Command Window
db2 connect to sample user "DB2TEST\Joe F. Miller" using password
db2 connect to sample user DB2TEST\Joe F. Miller using password
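The naming rules in this section can be checked before any GRANT is written. The Python sketch below is an added example, not code from the book or from DB2: it validates a Windows account name against the listed characters and the 30-character limit, derives the 20-character ID the Note asks for, and reports accounts from different domains that reduce to the same ID. The function names, the base character set and the domain OTHERDOM are assumptions made for the example.

```python
import re

EXTRA = "!%&(){}-.^~ "                  # additional characters listed in 4.1.2
BASE = re.compile(r"[A-Za-z0-9@#$_]")   # assumption: characters accepted before V8.2
MAX_LEN = 30                            # stated limit for user and group names
TRUNCATE_AT = 20                        # the Note: truncate the user ID to 20 characters


def split_two_part(name):
    """Split 'DOMAIN\\user' into (domain, user); domain is None if absent."""
    domain, sep, user = name.partition("\\")
    return (domain, user) if sep else (None, name)


def check_user(name):
    """Return (db2_id, errors, warnings) for one Windows account name."""
    domain, user = split_two_part(name)
    errors, warnings = [], []
    bad = sorted({c for c in user if not BASE.match(c) and c not in EXTRA})
    if bad:
        errors.append("characters outside the allowed set: " + " ".join(bad))
    if not user or len(user) > MAX_LEN:
        errors.append("length must be 1 to %d characters" % MAX_LEN)
    if domain is None:
        warnings.append("no domain given, account lookup may be ambiguous")
    # Upper case follows the page's GRANT example; truncation follows the Note.
    return user[:TRUNCATE_AT].upper(), errors, warnings


def grant_statement(name):
    """Build the DBADM GRANT from the page, refusing names that fail the checks."""
    db2_id, errors, _ = check_user(name)
    if errors:
        raise ValueError("%r rejected: %s" % (name, "; ".join(errors)))
    return "GRANT DBADM ON DATABASE TO USER '%s';" % db2_id


def collisions(names):
    """Map each derived ID to the input names that reduce to it, if more than one."""
    seen = {}
    for n in names:
        seen.setdefault(check_user(n)[0], []).append(n)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample input (DB2TEST is the page's domain, OTHERDOM is made up).
SAMPLE = ["DB2TEST\\Hans-Peter Sonderegger", "DB2TEST\\Bob",
          "OTHERDOM\\Bob", "Joe F. Miller"]
```

Because a single quote is outside the allowed set, `grant_statement` rejects any name that could close the quoted literal early instead of emitting a malformed statement.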
