Before you begin defining the TBC data warehouse, you must set up security for the warehouse. In this lesson, you will learn how to perform the following tasks:
- Specify the warehouse control database
- Start the Data Warehouse Center
- Define a warehouse user
- Define the warehouse group
This lesson takes approximately 15 minutes to complete.
After you set up security for the warehouse, you can grant access to the warehouse objects that you create in later lessons.
How security works in the Data Warehouse Center
The first level of security is the logon user ID that is in use when you open the Data Warehouse Center. Although you log on to the DB2 Control Center, the Data Warehouse Center verifies that you are authorized to open the Data Warehouse Center administrative interface by comparing your user ID to entries in the warehouse control database. The warehouse control database contains the control tables that are required to store Data Warehouse Center metadata. You initialize the control tables for this database when you install the warehouse server as part of DB2 Universal Database or use the Data Warehouse Center Control Database Management window. During initialization, you specify the ODBC name of the warehouse control database, a valid DB2 user ID, and a password. The Data Warehouse Center authorizes this user ID and password to update the warehouse control database. In the Data Warehouse Center, this user ID is defined as the default warehouse user.
The default warehouse user requires a different type of database and operating system authorization for each operating system that the warehouse control database supports.
Access to Data Warehouse center objects and functions
The default warehouse user is authorized to access all Data Warehouse Center objects and perform all Data Warehouse Center functions. However, you probably want to restrict access to certain objects within the Data Warehouse Center and the tasks that users can perform on the objects. For example, warehouse sources and warehouse targets contain the user IDs and passwords for their corresponding databases. You might want to restrict access to the warehouse sources and warehouse targets that contain sensitive data, such as personnel data.
To provide this level of security, the Data Warehouse Center provides a security system that is separate from the database and operating system security. To implement Data Warehouse Center security, you define warehouse users and warehouse groups. A warehouse group is a named grouping of warehouse users and their authorization to perform functions. Warehouse users and warehouse groups do not have to match the database users and database groups that are defined for the warehouse control database.
For example, you might define a warehouse user that corresponds to someone who uses the Data Warehouse Center. You might then define a warehouse group that is authorized to access certain warehouse sources, and add the new user to the new warehouse group. The new user is authorized to access the warehouse sources that are included in the group.
You can give users different levels of authorization. You can include any of the different types of authorization in a warehouse group. You can also include a warehouse user in more than one warehouse group. The combination of the groups to which a user belongs is the user’s overall authorization.
Specifying the warehouse control database
When you install the Data Warehouse Center, if you specify to prepare the metadata during the installation, the installation process registers the default warehouse control database as the active warehouse control database. However, you must use the TBC_MD database in the sample as the warehouse control database so that you can use the sample metadata. To make TBC_MD the active database, you must reinitialize it.
To specify the warehouse control database, TBC_MD:
1. Click Start —> Programs —> IBM DB2 —> Set-up Tools —> Warehouse Control Database Management.
2 BI Tutorial: Introduction to the Data Warehouse Center
The Data Warehouse Center – Control Database Management window opens.
- In the New control database field, type:
- In the Schema field, use the default schema of IWH.
- In the User ID field, type the user ID that is required to access the database.
- In the Password field, type the name of the password for the user ID.
- In the Verify password field, type the password again.
- Click OK.
The window remains open. The Messages field displays messages that
indicate the status of the creation and migration process.
- After the process is complete, click Close to close the window. TBC_MD is now the active warehouse control database.
Starting the Data Warehouse Center
In this exercise, you will start the Data Warehouse Center and log on as the default warehouse user. When you log on, you will use the TBC_MD warehouse control database. The default warehouse user for TBC_MD is the user ID that you specified when you created the data warehousing sample databases.
TBC_MD must be a local database or a cataloged remote database on the workstation that contains the warehouse server. It must also be a local or cataloged remote database on the workstation that contains the Data Warehouse Center administrative client.
To start the Data Warehouse Center:
- Click Start —> Programs —> IBM DB2 —> Business Intelligence Tools —> Data Warehouse Center.
The Data Warehouse Center Logon window opens.
- Click Advanced.
The Advanced window opens.
- In the Control database field, type the name of the warehouse control database that is included in the sample:
- In the Server host name field, type the TCP/IP hostname for the workstation where the warehouse server is installed.
- Click OK.
The Advanced window closes.
The next time that you log on, the Data Warehouse Center will use the settings that you specified in the Advanced Logon window.
- In the User ID field of the Data Warehouse Center Logon window, type the default warehouse user ID.
- In the Password field, type the password for the user ID.
- Click OK.
The Data Warehouse Center Logon window closes.
- Close the Data Warehouse Center Launchpad window if it is open.
Defining a warehouse user
In this exercise, you will define a new user to the Data Warehouse Center.
The Data Warehouse Center controls access with user IDs. When a user logs on, the user ID is compared to the warehouse users that are defined in the Data Warehouse Center to determine whether the user is authorized to access the Data Warehouse Center. You can authorize additional users to access the Data Warehouse Center by defining new warehouse users.
The user ID for the new user does not require authorization to the operating system or the warehouse control database. The user ID exists only within the Data Warehouse Center.
To define a warehouse user:
1. In the left pane of the main Data Warehouse Center window, expand the Administration tree.
2. Expand the Warehouse Users and Groups tree.
3. Right-click the Warehouse Users folder, and click Define. The Define Warehouse User notebook opens.
4. In the Name field, type the name of the user:
The name identifies the user ID within the Data Warehouse Center. This name can be up to 80 characters, including spaces.
5. In the Administrator field, type your name as the contact for this user.
6. In the Description field, type a short description of the user:
This is a user that I created for the tutorial.
7. In the User ID field, type the new user ID:
The user ID must be no longer than 60 characters and cannot contain spaces, dashes, or special characters (such as @, #, $, %, >, +, =). It can contain the underscore character.
Specifying a unique user ID:
To determine if a user ID and password is unique:
- From the main Data Warehouse Center window, expand the Administration tree.
- Click on the Warehouse Users folder. All of the user IDs for the data warehouse appear in the right panel. Any ID that does not appear in the right panel is a unique ID.
8. In the Password field, type the password:
Passwords must be a minimum of six characters and cannot contain spaces, dashes, or special characters.
9. In the Verify password field, type your password again.
10. Click OK to save the warehouse user and close the notebook.
Defining the warehouse group
In this exercise, you will define a warehouse group to authorize the tutorial user, tutuser, that you just created to perform tasks.
To define the warehouse group:
1. In the main Data Warehouse Center window, right-click the Warehouse Groups folder, and click Define.
The Define Warehouse Group notebook opens.
- In the Name field, type the name for the new group:
Tutorial Warehouse Group
- In the Administrator field, type your name as the contact for this new group.
- In the Description field, type a short description of the new group:
This is the warehouse group for the tutorial.
- Click>> to move all of the privileges from the Available privileges to the Selected privileges list. This selects all of the privileges for your group.
Your group now has the following privileges:
Users in the warehouse group can define and change warehouse users and warehouse groups, change Data Warehouse Center properties, import metadata, and define which warehouse groups have access to objects when they are created.
Users in the warehouse group can monitor the status of scheduled processing.
- Click the Warehouse Users tab.
- From the Available warehouse users list, select the Tutorial User.
The Tutorial User moves to the Selected warehouse users list.
The user is now part of the warehouse group.
Skip the Warehouse Sources and Targets page and the Processes page. You will create these objects in subsequent lessons. You will authorize the warehouse group to access objects as you create them.
- Click OK to save the warehouse user group and close the notebook.
What you just did
In this lesson, you:
- Started the Data Warehouse Center interface and logged on as the default user.
- Specified a warehouse control database.
- Defined a warehouse user.
- Defined a warehouse group.
In subsequent lessons, you will authorize the warehouse group to access the objects that you define.