DAV security

It is important to note that even though DAVs exist in DB2®, Domino® still manages user access to them. The ability to read Domino® data from DB2® is enforced with the same basic security as that for using the NSF itself. Therefore, in order to access a DAV through DB2®, the DB2® user's associated Notes® ID must:

  • Have access to the Domino® server on which the DB2® enabled Notes® database resides.
  • Have access to the DB2® enabled Notes® database.
  • Have proper Notes® Access Control List (ACL) permissions to perform the requested operation. For example, the user must have Reader access or higher to issue a SELECT against the DAV, and they must have Author or Depositor access to INSERT into the DAV.
  • Be included in the reader lists of the specific notes that are included in the DAV.

Note: Because notes in NSFs translate to rows in DB2® enabled Notes® databases, Domino® essentially adds row-level security to DB2® data through the use of reader lists. If two different users issue a SELECT on a DAV (SELECT * from test.dav), they might get different numbers of rows returned, depending on the notes to which they have read access.

Furthermore, the following must be true in order for either a Domino® Designer or DB2® user to access DAVs:

  • The Domino® server on which the DB2® enabled NSF resides must be up and running.
  • The user who is trying to access this data must have both a DB2® OS account name ID (to use in the SQL connect statement) and a Notes® User ID.
  • In order to run any query views, Notes® data or federated data, you need a DB2® OS account name in addition to your Notes® user ID. These IDs must be linked in the Domino® Directory via a DB2® account name in your Person document (Administration tab). This maps your Notes® ID to a DAV or QV. Have the Domino® Administrator use the "Set DB2® user name" tool in the Domino® Administrator Client to set this field.
  • The DB2® user must have access to the DAV itself (this is the default when the DAV is created in Designer).
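
The following is an added illustration, not Domino® or DB2® code: a small Python model of the checks listed above for a SELECT against a DAV, ending with the reader-list filter that makes two users see different row counts. All user names, notes and data structures are constructed, and the order in which the checks run is an assumption of the model.

```python
# Added illustration: a simplified model of the checks described above.
# It is not Domino or DB2 code; every name and value below is constructed.
ACL_LEVELS = ["No Access", "Depositor", "Reader", "Author",
              "Editor", "Designer", "Manager"]

# DB2 account name -> Notes ID, as linked in the Person document.
PERSON_DOCS = {"db2alice": "Alice/Acme", "db2bob": "Bob/Acme",
               "db2carol": "Carol/Acme"}
SERVER_ACCESS = {"Alice/Acme", "Bob/Acme", "Carol/Acme"}
DATABASE_ACL = {"Alice/Acme": "Editor", "Bob/Acme": "Reader",
                "Carol/Acme": "Depositor"}
DAV_GRANTS = {"db2alice", "db2bob", "db2carol", "db2dave"}
# Each note becomes one row of the DAV; "readers" is its reader list.
NOTES = [
    {"subject": "Q1 forecast", "readers": {"Alice/Acme"}},
    {"subject": "Team roster", "readers": {"Alice/Acme", "Bob/Acme"}},
    {"subject": "Press release",
     "readers": {"Alice/Acme", "Bob/Acme", "Carol/Acme"}},
]


def select_from_dav(db2_user, server_up=True):
    """Model SELECT * on the DAV. Returns (rows, reason); rows is None if refused."""
    if not server_up:
        return None, "Domino server is not running"
    if db2_user not in DAV_GRANTS:
        return None, "DB2 user has no access to the DAV"
    notes_id = PERSON_DOCS.get(db2_user)
    if notes_id is None:
        return None, "no Notes ID linked to this DB2 account name"
    if notes_id not in SERVER_ACCESS:
        return None, "Notes ID has no access to the Domino server"
    level = DATABASE_ACL.get(notes_id, "No Access")
    if level == "No Access":
        return None, "Notes ID has no access to the database"
    if ACL_LEVELS.index(level) < ACL_LEVELS.index("Reader"):
        return None, "ACL level %s is below Reader" % level
    # Row-level security: only notes whose reader list names this Notes ID.
    rows = [n["subject"] for n in NOTES if notes_id in n["readers"]]
    return rows, "ok"


if __name__ == "__main__":
    for user in ("db2alice", "db2bob", "db2carol", "db2dave"):
        print(user, select_from_dav(user))
```

In this model the Depositor-level user is refused the SELECT even though one note's reader list names her, because the ACL check comes before the reader-list filter.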