IBM Security Verify Governance Adapter 10.0.1 for DB2 is available. Compatibility, installation, and other getting-started issues are addressed.
© Copyright IBM Corporation 2011, 2022 All Rights Reserved
US Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Welcome to the IBM Security Verify Governance Adapter for DB2.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Governance Server manuals were printed:
IBM Security Verify Governance Adapter for DB2 Installation and Configuration Guide
The DB2 Adapter is designed to create and manage user accounts on a DB2 Universal Database. The adapter runs in "agentless" mode and communicates using JDBC to system being managed.
IBM recommends the installation of this Adapter (and the prerequisite IBM Security Directory Integrator) on each node of an IBM Security Verify Governance Identity Manager WAS cluster. A single copy of the adapter can handle multiple IBM Security Verify Governance Identity Manager Services. The deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Governance Identity Manager Provisioning Policies and Approval Workflow process. Please refer to the IBM Security Verify Governance Identity Manager Documentation Center for a discussion of these topics.
The IBM Security Verify Governance Manager Adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from the IBM Security Verify Governance Manager server will fail if the Adapter is not given sufficient authority to perform the requested task. IBM recommends that this Adapter run with administrative (root) permissions.
Review and agree to the terms of the IBM Security Verify Governance Adapter license prior to using this product. The license can be viewed from the "license" folder included in the product package.
Adapter Version
Component |
Version |
Build Date |
2022 December 14 06.09.49 |
Adapter Version |
10.0.1 |
Component Versions |
Adapter build: 10.0.1.57 Profile: 10.0.1.57 Connector: 10.0.1.57 Dispatcher 7.0.39 or higher (packaged separately) |
Documentation |
The following guides are available in the IBM Security Verify Governance Adapters documentation:
DB2 Adapter Installation and Configuration Guide |
New Features
Internal |
Enhancement # (RFE)/Idea |
Description |
|
|
Items included in current release (10.0.1) |
RTC 191163 |
ADAPT-1222 |
Verify DB2 adapter on DB2 11.5 |
|
|
Items included in release (7.1.7) |
|
|
None |
|
|
Items included in 7.1.6 release
|
|
|
None |
|
|
Items included in 7.1.5 release
|
RTC 151775 |
|
Add Support for Identity Governance and Intelligence (IGI) v5.2.2 This adapter is now designed for use with IBM Security Verify Governance Server, Privileged Identity Manager, and Identity Governance and Intelligence. |
|
|
Items included in 7.0.4 release
|
|
|
None
|
|
|
Items included in 7.0.3 release
|
|
|
Initial Release
|
Closed Issues
Internal# |
APAR# |
Case# / Description |
|
|
Items closed in current release (10.0.1)
|
|
|
None |
|
|
Items closed in release (7.1.7)
|
RTC-
186434 |
|
TS003510757 / IGI: Adding supporting data to DB2 Adapter 7.1.6 For more details please refer to the know limitations.
|
|
|
Items included in 7.1.6 release |
|
RTC WI 159075
Bug 2241 |
DB locks by DB2 adapter |
|
|
Items included in 7.1.5 release
|
|
|
None
|
|
|
Items included in 7.0.4 release
|
|
APAR IV68849
|
Error on setting role when both username and groupname are same
|
|
|
Items closed in 7.0.3 version
|
|
|
Initial Version
|
Known Issues
Internal# |
APAR# |
Case# / Description |
N/A |
N/A |
.
|
Internal# |
APAR# |
Case# / Description |
RTC- 186434 |
|
There is known issue with IGI for handling canonical values for multivalued attributes. If the displayed value and value to be sent to the resource are different then IGI is not able to resolve it correctly. As a workaround for this adapter, the displayed values and actual values for the database privilege attribute have been made same. Meaning of the displayed values is given below -
CONNECT = Connect to database CREATETAB = Create tables BINDADD = Create packages CREATE_NOT_FENCED_ROUTINE = Register routines ... DBADM = Database administrator authority IMPLICIT_SCHEMA = Create schemas implicitly LOAD = Access to the load utility CREATE_EXTERNAL_ROUTINE = Create external routines QUIESCE_CONNECT = Connect to quiesced database SECADM = Security administrator authority
#For Version 10.1 and above ACCESSCTRL = Access control authority DATAACCESS = Data access authority EXPLAIN = Explain statement authority SQLADM = Manage statement execution authority WLMADM = Manage workloads authority
|
RTC Work Item 119670
|
|
DB2 UDB adapter only supports DB2 LUW not z/OS,iSeries
|
N/A |
N/A |
The following database privileges are only valid for DB2 10.1.x and above
· Access control authority · Data access authority · Explain statement authority · Manage statement execution authority · Manage workloads authority
|
N/A |
N/A |
The suspend operation only revoke the CONNECT database privilege.
|
RTC 191163 |
N/A |
we can not assign syscatspace and tempspace table space privilege. to the user. Please refer to doc https://www.ibm.com/docs/en/db2/11.5?topic=privileges-table-space and https://www.ibm.com/docs/en/db2/11.1?topic=statements-grant-table-space-privileges fot the same. |
See the IBM Security Verify Governance Adapter Adapter Installation Guide for detailed instructions. The DB2 Adapter Installation and Configuration Guide can be obtained from https://www.ibm.com/docs/en/svgaa?topic=svg1-z
The following configuration notes apply to this release:
None
Configuration Notes
The following configuration notes apply to this release:
None
IBM Security Verify Governance Adapter adapters can be customized and/or extended. The type and method of this customization may vary from adapter to adapter.
Refer to the IBM Security Verify Governance Adapter Development and Customization Guide
Support for Customized Adapters
The integration to the IBM Security Verify Governance Identity Manager server "the adapter framework" is supported. However, IBM does not support the customizations, scripts, or other modifications. If you experience a problem with a customized adapter, IBM Support may require the problem to be demonstrated on the GA version of the adapter before a Case is opened.
Installation Platform
The IBM Security Verify Governance Adapter Adapter was built and tested on the following product versions.
Adapter Installation Platform:
The following SDI releases are the officially supported versions:
· Security Directory Integrator 7.2 + FP6 + 7.2.0-ISS-SDI-LA0019
Earlier versions of TDI that are still supported may function properly, however to resolve any communication errors, you must upgrade your SDI releases to the officially supported versions by the adapter.
Managed Resource:
DB2 version 10.5.x
DB2 version 11.5.x
Note: This adapter does not support DB2 on zOS, iSeries
IBM Security Verify Governance Identity Manager : v10.x
IBM Security Verify Governance : v10.x
This information was developed for products and services offered in
the U.S.A. IBM may not offer the products, services, or features
discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently
available in your area. Any reference to an IBM product, program, or
service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual
property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM
product, program, or service.
IBM may have patents or
pending patent applications covering subject matter described in this
document. The furnishing of this document does not give you any
license to these patents. You can send license inquiries, in writing,
to:
IBM
Director of Licensing
IBM Corporation
North Castle
Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual
Property Licensing
Legal and Intellectual Property Law
IBM
Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa
242-8502 Japan
This information could include technical inaccuracies or
typographical errors. Changes are periodically made to the
information herein; these changes will be incorporated in new
editions of the publication. IBM may make improvements and/or changes
in the product(s) and/or the program(s) described in this publication
at any time without notice.
Any references in this
information to non-IBM Web sites are provided for convenience only
and do not in any manner serve as an endorsement of those Web sites.
The materials at those Web sites are not part of the materials for
this IBM product and use of those Web sites is at your own risk.
IBM
may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to
you.
Licensees of this program who wish to have
information about it for the purpose of enabling: (i) the exchange of
information between independently created programs and other programs
(including this one) and (ii) the mutual use of the information which
has been exchanged should contact:
IBM
Corporation
2ZA4/101
11400 Burnet Road
Austin, TX
78758 U.S.A.
Such information may be available, subject to
appropriate terms and conditions, including in some cases, payment of
a fee.
The licensed program described in this information
and all licensed material available for it are provided by IBM under
terms of the IBM Customer Agreement, IBM International Program
License Agreement, or any equivalent agreement between us.
Any
performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating
environments may vary significantly. Some measurements may have been
made on development-level systems and there is no guarantee that
these measurements will be the same on generally available systems.
Furthermore, some measurements may have been estimated through
extrapolation. Actual results may vary. Users of this document should
verify the applicable data for their specific
environment.
Information concerning non-IBM products was
obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested
those products and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed
to the suppliers of those products.
Trademarks
IBM,
the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml.
Microsoft,
Windows, and the Windows logo are trademarks of Microsoft Corporation
in the United States, other countries, or both.
Java and
all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.