Overview

This resource allows you to manage a DB2 role. Here is an example on how to use this:

db2_role { 'db2inst1/MYDB/MY_ROLE':
  ensure   => 'present',
  grants   => ['DBADM', 'SECADM', 'ACCESSCTRL'],
  provider => 'db2',
  roles    => ['SYSTS_ADM', 'SYSTS_MGR', 'SYSDEBUG', 'SYSDEBUGPRIVATE'],
}

Attributes

Attribute Name Short Description
database_name The name of the database.
disable_corrective_change Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure Disable the creation or removal of a resource when Puppet decides is a corrective change.
ensure The basic property that the resource should be in.
granted The grants you want to make sure are granted to the db2_user, db2_group, or db2_role`.
grants grants for this user or role.
instance_name The name of the instance.
name The full qualified name of the role.
provider resource.
remarks The comment on the object you are defining.
revoked The grants you want to make sure are revoked from the db2_user, db2_group or db2_role.
role_name The name of the db2 role.
roles roles for this user or role.

database_name

The name of the database.

Back to overview of db2_role

disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)

Back to overview of db2_role

disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)

Back to overview of db2_role

ensure

The basic property that the resource should be in.

Valid values are present, absent.

Back to overview of db2_role

granted

The grants you want to make sure are granted to the db2_user, db2_group, or db2_role. It is different from the grants` property in the sense that this is not a full list of the rights, but just the rights that are granted to the user

Here is an example with an db2_user:

db2_user {'db2inst1/MYDB/my_user':
  ...
  granted => ['CREATETAB'],
  ...
}

Here is an example with an db2_role:

db2_role {'db2inst1/MYDB/my_role':
  ...
  granted => ['CREATETAB'],
  ...
}

**WARNING**

When you us both the `grants` and `granted` property, Puppet will give you a warning about conflicting values. In the end it **WILL** ensure
that the rights specified for the `revoked` property are removed. This way ensuring the most secure configuration.

Back to overview of db2_role

grants

grants for this user or role.

All the grants this resource has. Here is an example on how to use this on an db2_user:

db2_user { 'my_user@sid':
  ...
  grants => ['UNLIMITED TABLESPACE', 'CREATE PUBLIC SYNONYM'].
  ...
}

Here is an example on how to use this on an db2_role:

db2_role { 'my_role@sid':
  ...
  grants => ['UNLIMITED TABLESPACE', 'CREATE PUBLIC SYNONYM'].
  ...
}

Back to overview of db2_role

instance_name

The name of the instance.

Back to overview of db2_role

name

The full qualified name of the role.

Back to overview of db2_role

provider

The specific backend to use for this db2_role resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

db2
Manage an Db2 role

Back to overview of db2_role

remarks

The comment on the object you are defining.

Back to overview of db2_role

revoked

The grants you want to make sure are revoked from the db2_user, db2_group or db2_role. It is different from the grants property in the sense that this is not a full list of the rights, but just the rights that are NOT granted to the user

Here is an example when using db2_user:

db2_user {'db2inst1/MYDB/my_user':
  ...
  revoked => ['CREATETAB'],
}

Here is an example when using db2_role:

db2_role {'db2inst1/MYDB/my_role':
  ...
  revoked => ['CREATETAB'],
}

WARNING

When you us both the grants and revoked property, Puppet will give you a warning about conflicting values. In the end it WILL ensure that the rights specified for the revoked property are removed. This way ensuring the most secure configuration.

Back to overview of db2_role

role_name

The name of the db2 role.

Back to overview of db2_role

roles

roles for this user or role.

All the roless this resource has. Here is an example on how to use this on an db2_user:

db2_user { 'my_user@sid':
  ...
  roles => ['ROLE_1', 'ROLE_2'].
  ...
}

Here is an example on how to use this on an db2_role:

db2_db2_role { 'my_role@sid':
  ...
  roles => ['ROLE_1', 'ROLE_2'].
  ...
}

Back to overview of db2_role