Security for IBM Replication is a matter of database security. The entire system is table driven, and therefore security of all IBM Replication objects involves database security mechanisms.
Each database has an administrator, who requires sufficient privileges to define replication sources and targets. Additionally, the Apply program uses a qualifier that must be coordinated, but the same user ID can be used to run multiple Apply program instances.
During the initial defining of replication sources and subscriptions, many tables are created. Depending on the platform, table spaces or dbspaces might also be created. All of these actions require a fairly high level of database privilege, and therefore you should plan on having at least one user ID that acts as the replication administrator and has the authority to create objects and bind plans on each of the replication databases.
The administrator user ID must be a valid logon ID at both the workstation where the Control Center is installed and the source and target sites. The administrator user ID can be used as the user ID running the Capture program or the Apply program, but this is not a requirement.
The user ID that runs the Capture program must be able to access the system catalog tables, be able to access and update all IBM Replication control tables that are built at the source database, subsystem, or data sharing group, and have execute privileges on the Capture program plan.
For more information about authorization requirements for the Capture program, see the Capture and Apply chapter for your platform in this book.
The Apply program user ID must be a valid logon ID on the source, control, and target servers, and the workstation where the Control Center is installed. The user ID that runs the Apply program must be able to access the replication source tables; access and update all IBM Replication control tables that are built at the source and target database, subsystem, or data sharing group; and update the replication target tables. This user ID must also have execute privileges on the Apply program plan. With the proper authorization, any user ID can run any Apply program instance.
An Apply program running on DB2 Universal Database might require a password file to connect to the source or target server. For an explanation of configuring security when the Apply program is running on DB2 Universal Database, and more information about authorization requirements for the Apply program, see the Capture and Apply chapter for your platform in this book.