DAV security

It is important to note that even though DAVs exist in DB2®, Domino® still manages user access to them. The ability to read Domino data from DB2 is enforced with the same basic security as that for using the NSF itself. Therefore, in order to access a DAV through DB2, the DB2 user's associated Notes® ID must:

  • Have access to the Domino server on which the DB2 enabled Notes database resides.
  • Have access to the DB2 enabled Notes database.
  • Have proper Notes Access Control List (ACL) permissions to perform the requested operation. For example, the user must have Reader access or higher to issue a SELECT against the DAV, and they must have Author or Depositor access to INSERT into the DAV.
  • Be included in the reader lists of the specific notes that are included in the DAV.

Note: Because notes in NSFs translate to rows in DB2 enabled Notes databases, Domino essentially adds row level security to DB2 data through the use of reader lists. If two different users perform a SELECT on a DAV (SELECT * from test.dav), they might get different numbers of rows returned, depending on the notes to which they have read access.

Furthermore, the following must be true in order for either a Domino Designer or DB2 user to access DAVs:

  • The Domino server on which the DB2 enabled NSF resides must be up and running.
  • The user who is trying to access this data must have both a DB2 OS account name ID (to use in the SQL connect statement) and a Notes User ID.
  • In order to run any query views, Notes data or federated data, you need a DB2 OS account name in addition to your Notes user ID. These IDs must be linked in the Domino Directory via a DB2 account name in your Person document (Administration tab). This maps your Notes ID to a DAV or QV. Have the Domino Administrator use the "Set DB2 user name" tool in the Domino Administrator Client to set this field.
  • The DB2 user must have access to the DAV itself (this is the default when the DAV is created in Designer).
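
The checks listed above can be modelled in a few lines to show how two DB2 users running the same SELECT end up with different row counts. This is an added illustration, not Domino or DB2 code: the class, the function names and the sample users are all hypothetical, and reader lists are simplified to plain Notes IDs.

```python
from dataclasses import dataclass, field

# Domino ACL levels, lowest to highest.
LEVELS = ["NoAccess", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass
class Note:
    data: dict
    readers: frozenset = frozenset()  # empty means the note has no reader list

@dataclass
class DavModel:  # hypothetical model of one DAV and the checks around it
    server_up: bool
    server_access: set   # Notes IDs allowed on the Domino server
    acl: dict            # Notes ID -> ACL level in the DB2 enabled database
    db2_to_notes: dict   # DB2 account name -> Notes ID (Person document link)
    dav_grants: set      # DB2 account names with access to the DAV itself
    notes: list = field(default_factory=list)

    def _resolve(self, db2_user):
        """Apply the connection-level checks and return the linked Notes ID."""
        if not self.server_up:
            raise PermissionError("Domino server is not running")
        if db2_user not in self.dav_grants:
            raise PermissionError("no DB2 access to the DAV")
        notes_id = self.db2_to_notes.get(db2_user)
        if notes_id is None:
            raise PermissionError("DB2 account is not linked to a Notes ID")
        if notes_id not in self.server_access:
            raise PermissionError("no access to the Domino server")
        return notes_id

    def select(self, db2_user):
        notes_id = self._resolve(db2_user)
        if RANK[self.acl.get(notes_id, "NoAccess")] < RANK["Reader"]:
            raise PermissionError("SELECT needs Reader access or higher")
        # Row-level filter: only notes whose reader list admits this Notes ID.
        return [n.data for n in self.notes if not n.readers or notes_id in n.readers]

    def insert(self, db2_user, row):
        notes_id = self._resolve(db2_user)
        level = self.acl.get(notes_id, "NoAccess")
        # Assumption: levels above Author may also create notes.
        if level != "Depositor" and RANK[level] < RANK["Author"]:
            raise PermissionError("INSERT needs Depositor or Author access")
        self.notes.append(Note(row))

def sample():  # constructed data; every name here is made up
    ids = {"db2alice": "Alice/Acme", "db2bob": "Bob/Acme", "db2carol": "Carol/Acme"}
    acl = {"Alice/Acme": "Editor", "Bob/Acme": "Reader", "Carol/Acme": "Depositor"}
    notes = [Note({"id": 1}), Note({"id": 2}, frozenset({"Alice/Acme"})),
             Note({"id": 3}, frozenset({"Alice/Acme", "Bob/Acme"}))]
    return DavModel(True, set(ids.values()), acl, ids, set(ids) | {"db2dave"}, notes)
```

With the sample data, `select("db2alice")` returns three rows and `select("db2bob")` returns two, while `db2dave` is rejected because the DB2 account has no linked Notes ID.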