The last two project I have been working on both used IBM's Db2. Most of my database experience in the past, has been with MySQL, Postgres and Microsoft MSSQL and the architecture that IBM's database takes was somewhat different to what I am used to.
All the databases I have used in the past use their own internal systems for user authentication and authorisation. Db2, however, makes use of third party authentication mechanisms. Although you can configure this for a variety of sources the default install uses the underlying operating systems authentication mechanism. This has advantages in that the users are managed through the standard administration and security tools of the os but its disadvantage is that you have user accounts lying around which would be better of as system accounts.
Db2 user accounts required
To run Db2 you need at least three user accounts. There should be one account for :
- the database administration server (DAS) user,
- another for a database server instance owner(DbInst),
- and a third used to run functions and stored procedures called a fence user (fenc)
The fence user is so called, I suppose, because they are ring-fenced in terms of operations they can perform. Any Db2 installation will require these three users. During installation Db2 will also ask for, or setup on your behalf, groups that are used by the server for determining access rights. More instance users and fence users can be added by making them members of these groups. In addition when a user, which is part of the appropriate group creates a new instance the users profile is adjusted to include the paths and other environment variables needed by Db2. Hence you will find a sqllib folder created in the home directory of each user.
Database server structure
Beside the requirement for three users Db2 also has the concept of an Database Administration Server which is separate from the database server instances. The job of the DAS server is to administer all database server instance that it controls. The database server in turn is responsible for and manages databases. So there is an extra level above just the database server. In order to start your instance server you need to had the administration server running and then you need to start the database instance.
Conclusion
I am pretty sure that those with more Db2 experience will shudder at my simplistic, and possibly incorrect explanation. Hopefully they will correct me and we can all learn. Trying to understand this different approach to database setup and management initially put me off Db2, especially when all you want to do is to get up and running asap to start a new project. Now that I have a better, basic understanding of Db2 and feel more comfortable with it I can begin to understand the deeper and more powerful features which this architecture enables. From my experience it is a great product to use.