| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WBI Service ID - DB access confusion |
« View previous topic :: View next topic » |
| Author |
Message
|
| mqrules |
 Posted: Thu Aug 18, 2005 11:45 am Post subject: WBI Service ID - DB access confusion |
 |
|
Centurion
Joined: 01 Jun 2005
Posts: 100
Location: US
|
Hi all,
I have read the WBI Installation manual page 4-5… I have some questions. Here is my scenario:
- Config Mgr Service ID= domainCM1… on server1 (Windows) … DB2 -- >CMDB
- Broker Service ID = domainDB2 …. On server2 (Windows) …. DB2 -- >BRDB
Local ID on server2: localID2
- On mqsicreatebroker –i domainBR2 –u localID2 ……
- Business data is on BusinessDB
Permissions I should give, correct me if I am wrong:
domainCM1 = should have access to CMDB (not to BRDB)
domainBR2 = should have access to BRDB (not to CMDB)
localID2 = should have access to BRDB
My questions:
1-When a msg Flow is deployed and a node is accessing the BusinessDB, which ID is used to access the DB? Broker service ID (domainBR2) or localID2? I would assume that domainBR2 would have to have access to the BusinessDB. No? In other words, all calls to the DB are made with domainBR2 service ID, or localID2? If you wanted to use johnID to access the BusinessDB then I think you could specify that on the node1 and maryID on the node2 instead as well (as long as they have access to the DB); correct?
2-Manual says that when the CM and Broker are on different server and you create them with a different service ids, they should be defined on the other system as well, for deployment to work.
a. It does not make sense if both servers (Windows) belong to the same domain controller. Correct? But if you are using local ids for the Service IDs, then it kind of makes sense. However, mere definition of the ID on the other server would not work if the ID does not have certain privileges.
b. If one is Windows and the other is UNIX, the same question: How my defining the other userid on the other system going to make a difference if I don’t give them certain privileges? Manual doesn’t say anything about this point.
Your insight/clarification on these points would be much appreciated. TIA
mr |
|
| Back to top |
|
 |
| mqrules |
| Posted: Fri Aug 19, 2005 7:45 am Post subject: |
|
|
Centurion
Joined: 01 Jun 2005
Posts: 100
Location: US
|
Let me reword my questions (hoping to get some respsonse from the forum):
1- During the flow execution, which ID accesses the database (not the Broker DB). Is it the Broker service id or the database's local id on Windows? Is it possible for different nodes in the flow to access the DB with with a different userid?
2- If CM and Broker are on different servers, and I use different local ids for Service IDs, I know should define each of these ids on the other server as well. But what authorites do they require on the other server?
TIA
mr |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Aug 19, 2005 7:50 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
The userid that application databases is accessed with is controlled by mqsisetdbparms.
You do not need to explicitly define the CM service user on the broker machine, or the broker service user on the CM machine. You can merely grant them the needed MQ authorizations using setmqaut.
The permissions neccessary should be documented in the Info Center.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
