Solved: Db2 authorities needed on server - Qlik Community

Attunity_user01 · ‎2020-02-20

Hello Support,

We are using Attunity Replicate with Db2. Attunity user guide recommends that on Db2 server the Attunity user must have below authorities:

1. SYSADM or DBADM

2. DATAACCESS

In first case SYSADM is highest level authority at Db2 instance level and DBADM is highest authority at database level.

My understanding is that Attunity only needs the Log Read privilege associated with these two authorities but not the rest which are included in this role which included destructive privilege such as drop tablespace or database.

In second case DATAACESS authority grants all ( select/update/drop) the privileges on all user tables on schema whereas Attunity needs only read privilege on catalog tables and appropriate user tables.

Is there any way to limit the extra destructive privilges being granted to Attunity user?

Thank you.

Madhavi_Konda · ‎2020-02-28

Hi Team,
Replicate uses db2readlog api to read the changes from DB2 and IBM documentation says sysadm and dbadm access privileges needed to read the change logs(db2readlog api).
Please find below the IBM documentation link for your reference.
https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.apdv.api.doc/doc/r0001673.h...

Thanks,
Madhavi

View solution in original post

Madhavi_Konda · ‎2020-02-28

Hi Team,
Replicate uses db2readlog api to read the changes from DB2 and IBM documentation says sysadm and dbadm access privileges needed to read the change logs(db2readlog api).
Please find below the IBM documentation link for your reference.
https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.apdv.api.doc/doc/r0001673.h...

Thanks,
Madhavi