Creating a trusted-context object

You must create trusted-context objects before you can create trusted connections to a database server.

Before you begin

If you are managing trusted-connection users' access privileges, verify that the privileges available through currently defined ROLE objects are appropriate, or request that the Database Administrator define roles with privileges appropriate for users.

Procedure

To create trusted-context objects, use the CREATE TRUSTED CONTEXT statement. Define the attributes of the object to meet the requirements of database users.
  • After the CREATE TRUSTED CONTEXT clause, specify the name of the trusted-context object.
  • After the USER keyword, specify the system authorization ID (user ID) of the primary user.
    Note: The BASED UPON CONNECTION USING SYSTEM AUTHID clause used for IBM® DB2® servers also works in place of the USER keyword.
  • After the ADDRESS keyword, specify the IPv4 addresses, IPv6 addresses, or secure domain names of all workstations that must use a trusted connection.
    Note: Locations based on Dynamic Host Configuration Protocol (DHCP) must not be used. Recycling IP addresses can result in unapproved users receiving trusted-locations status.
  • Enter the ENABLE attribute to make the trusted-context object functional. Trusted-context objects have default state of DISABLE.
  • If the connection is used by multiple, specific users, specify other trusted-connection users' IDs after the WITH USE FOR clause.
  • If the connection is available to any user, enter the PUBLIC attribute after the WITH USE FOR clause.
  • If you are specifying authentication (password) requirements for users, use the WITH AUTHENTICATION or WITHOUT AUTHENTICATION attributes after each user's ID or after the WITH USE FOR PUBLIC clause.
  • If you are assigning roles to specific users, use ROLE keyword, followed by the role name, after the user's WITH AUTHENTICATION or WITHOUT AUTHENTICATION attributes.
  • If you are assigning a default role to users, use the DEFAULT ROLE clause, followed by the role name. Trusted-context objects have default state of NO DEFAULT ROLE.

What to do next

After you have created a trusted-context object, you can make changes to it by using the following statements:
  • Use the ALTER TRUSTED CONTEXT statement to change the definition of a trusted-context object.
  • Use the RENAME TRUSTED CONTEXT statement to change the name of a trusted-context object.
  • Use the DROP TRUSTED CONTEXT statement to remove the trusted-context definition from the HCL OneDB™ system catalog.