I have installed DB2 Express on a PC. My user is not an administrator user, however as far as i know, it is possible to grant a user rights, so he can create/delete/modify a database.
I have executed: db2set DB2_GRP_LOOKUP=local
after that i created a Local group: DB2Admins, and added myself to it. After that i executed `db2 update dbm cfg using sysadm_group db2admins.
After that i tried to create database test, but i get the error SQL1092N The requested command or operation failed because the user ID does not have authority to perform the requested command or operation. User ID: "myUserID".
I created a local user, and added it to the same group. If i log in with this local user, then it is ok. The user can create a a database.
My user however is a domain user, and with that it is not working.
Does anyone has any idee how to solve this?
Thanks in advance!
Best Answer
DB2 will by default look for the group information in the same directory where the user is defined. For a domain user that would be the domain itself. If a domain user is a member of a local group, after setting
DB2_GRP_LOOKUP=localmake sure to restart the DB2 instance.If you have enabled extended security (which is the default installation option), you may want to try adding your ID to the
DB2USERSgroup.Since the DB2 instance will need to perform the domain directory lookup when authenticating domain users, the account that runs the DB2 instance service must have sufficient permissions to perform the AD lookup. For example, Local Service authority would not be able to do that.
Each DB2 instance service needs such authority. There are other DB2-related services (DB2 DAS, DB2 Remote Command Server, etc. -- described in http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/topic/com.ibm.db2.luw.qb.server.doc/doc/r0023249.html) -- they do not perform authentication and therefore do not require domain rights.