Creating a trusted-context object
You must create trusted-context objects before you can create trusted connections to a database server.
Before you begin
Procedure
To create trusted-context objects, use the CREATE TRUSTED
CONTEXT statement. Define the attributes of the object to meet the
requirements of database users.
- After the CREATE TRUSTED CONTEXT clause, specify the name of the trusted-context object.
- After the USER keyword, specify the system
authorization ID (user ID) of the primary user. Note: The BASED UPON CONNECTION USING SYSTEM AUTHID clause used for IBM® DB2® servers also works in place of the USER keyword.
- After the ADDRESS keyword, specify the IPv4
addresses, IPv6 addresses, or secure domain names of all workstations
that must use a trusted connection.Note: Locations based on Dynamic Host Configuration Protocol (DHCP) must not be used. Recycling IP addresses can result in unapproved users receiving trusted-locations status.
- Enter the ENABLE attribute to make the trusted-context object functional. Trusted-context objects have default state of DISABLE.
- If the connection is used by multiple, specific users, specify other trusted-connection users' IDs after the WITH USE FOR clause.
- If the connection is available to any user, enter the PUBLIC attribute
after the
WITH USE FOR
clause. - If you are specifying authentication (password) requirements for users, use the WITH AUTHENTICATION or WITHOUT AUTHENTICATION attributes after each user's ID or after the WITH USE FOR PUBLIC clause.
- If you are assigning roles to specific users, use
ROLE
keyword, followed by the role name, after the user's WITH AUTHENTICATION or WITHOUT AUTHENTICATION attributes. - If you are assigning a default role to users, use the
DEFAULT ROLE
clause, followed by the role name. Trusted-context objects have default state of NO DEFAULT ROLE.
What to do next
- Use the ALTER TRUSTED CONTEXT statement to change the definition of a trusted-context object.
- Use the RENAME TRUSTED CONTEXT statement to change the name of a trusted-context object.
- Use the DROP TRUSTED CONTEXT statement to remove the trusted-context definition from the HCL OneDB™ system catalog.