Connecting to target databases : Pre-configuration for monitoring target databases : DB2 target database pre-configuration
DB2 target database pre-configuration
Users and privileges required by the DB2 agent
The FortiDB DB2 agent periodically sends a request to the DB2 database to transmit its audit data to a file system location that belongs to the agent’s temporary directory. The agent then transmits the audit files to the FortiDB repository You can also configure the agent to remove the audit data from the DB2 database.
To perform these tasks, the FortiDB DB2 agent requires read and write access to the audit data files. To give the agent this access, you configure it to run using the login credentials of the database instance owner (which are the credentials used to run the DB2 server).
In addition, to install the agent on Windows, the database user that runs the DB2 agent is required to be a member of the DB2ADMINS user group. You can remove the user from this group after installation is complete.
Required DB2 users
Required privileges
DB2 instance owner
DB2 instance owner
Default DB2 instance owner privileges
FortiDB DB2 database user
Connects FortiDB to the DB2 target database
Security administration authority (SECADM), which is required to configure and manage database auditing
For databases installed on Windows:
DB2 instance owner
Membership in DB2ADMNS or DB2USERS user group
DB2 user for installing and running the agent
Runs the DB2 agent
DB2 instance owner
For installing on Windows, be a member of the DB2ADMNS user group
See also
Configuring the DB2 database and installing the agent
Adding (or modifying) a target connection
Configuring DB2 monitoring