To each user of the web console, you will first grant access to the web console, and then grant access to the specific tasks the user will perform with the web console.
The first tier of user access is to the web console. The web console products provide the repository database authentication method for access to the web console. All users that are allowed to connect to the repository database can be granted access privileges to the web console.
To set up web console access, you must ensure that the repository database is set-up with an authentication method such as local operating system, Lightweight Directory Access Protocol (LDAP), or NIS+.
For example, if you want to use LDAP to authenticate users through the repository database, you must ensure that the DB2® instance is configured to use LDAP authentication (see Using LDAP with repository database authentication).
A user with Administrator privileges can use the Console Security page of the web console to grant web console privileges such as Viewer or Administrator to each user that is defined for the repository database. Both Viewer and Administrator privileges allow a user to log on to the web console, but only users with Administrator privileges can change global settings.
The second tier of user access is to the different types of data and tasks permitted for a specific database. A user with Administrator or Is Database Owner privileges for an individual database can grant these privileges to users of the database on the Grant and Revoke tab of the Manage Privileges page. These privileges, which might include the Is Database Owner privilege, the Can Monitor privilege, the Can Manage Alerts privilege, and the Can Manage Jobs privilege, apply only after the user logs in to the web console.
An administrator can use the Enable and Disable tab of the Manage Privileges page to configure the requirement for the various privileges for each database. If a privilege requirement is disabled for a database, all web console users can do actions that are normally restricted by that privilege. For example, if the Can Manage Jobs privilege requirement is disabled, all web console users can create and manage jobs.