IBM Db2

Description

The IBM Db2 connector uses a JDBC connection to the Db2 database to enumerate database users, roles, and privilege grants. It queries the Db2 system catalogue views to discover granted authorities, role memberships, and schema-level privileges, enabling complete visibility into database-tier access.

System Type Classification

Field	Value
System Type	Infrastructure
Default Scan Priority	200

Version Support

OrbisID Edition	Supported
Community	No
Pro	Yes
Enterprise	Yes

Supported Protocol

Protocol	Port	Notes
JDBC (IBM Db2 JDBC Driver)	50000 TCP	Unencrypted by default; SSL available on port 50001

What OrbisID Discovers

Data	Source
Database users	`SYSCAT.DBAUTH` system view
Database roles	`SYSCAT.ROLES`
Role memberships	`SYSCAT.ROLEAUTH`
Database authorities	`DBADMAUTH`, `SECADMAUTH` columns in `SYSCAT.DBAUTH`
Schema privileges	`SYSCAT.SCHEMAAUTH`

Connection Requirements

Required Permissions

The scanning credential must be a Db2 user with SELECT access to the system catalogue.

Minimum permissions:

SELECT on SYSCAT.DBAUTH
SELECT on SYSCAT.ROLES and SYSCAT.ROLEAUTH
SELECT on SYSCAT.SCHEMAAUTH

Credential Mapping

OrbisID Field	Value
`credential.username`	Db2 username
`credential.password`	Db2 password
`system.hostname`	Db2 server hostname or IP
`system.port`	Db2 port (default 50000)
`system.databaseName`	Target database name

Network Requirements

The OrbisID server must have TCP access to the Db2 server on port 50000 (or 50001 for SSL).

Configuration Steps

Create a Db2 user (OS-level or LDAP) with catalogue read access:

GRANT SELECT ON SYSCAT.DBAUTH TO USER orbisid_scanner;
GRANT SELECT ON SYSCAT.ROLES TO USER orbisid_scanner;
GRANT SELECT ON SYSCAT.ROLEAUTH TO USER orbisid_scanner;

Create a Credential in OrbisID:
- Username: orbisid_scanner
- Password: Database password
Navigate to Systems → Add System
Fill in the fields:

Field	Value
Name	Descriptive name (e.g., `IBM Db2 – PRODDB`)
OS Type	`IbmDb2`
System Type	`Infrastructure`
Hostname	Db2 server hostname
Port	`50000`
Database Name	Target database name
Credential	The scanning credential

Click Test Connection
Click Save

Troubleshooting

Symptom	Likely Cause	Resolution
`Authentication failed`	Invalid credentials	Verify OS-level or LDAP credentials for the Db2 user
`SQL1092N`	Insufficient catalogue privileges	Grant SELECT on required SYSCAT views
Cannot connect	Port blocked	Verify TCP 50000 is open from OrbisID to the Db2 server
`Driver not found`	Missing Db2 JDBC driver	Ensure `db2jcc4.jar` is in the OrbisID classpath

Description​

System Type Classification​

Version Support​

Supported Protocol​

What OrbisID Discovers​

Connection Requirements​

Required Permissions​

Credential Mapping​

Network Requirements​

Configuration Steps​

Troubleshooting​