Chapter 8. Network trusted contexts and roles 213
With these capabilities, customers can create DBA procedures that can be
audited and protected so that one individual cannot violate the established rules
without being detected during the audit review.
Although a total segregation of duties eliminates this risk, the new trusted context
and role capabilities can be used to reduce this risk by limiting how and when
this DBA can access the production environment, while allowing full
privileges and full-time access to the development environment.
Full-time access to sensitive/private data
By having roles own objects, even tighter controls can be implemented. Using
roles allows customers to move to a model where DBAs have no access to data
in production except when they are performing approved scheduled DBA
activities. The ability to do those activities can be controlled with a trusted context
and a temporary role.
DBADM can create a view for another ID, but cannot drop or alter it
A trusted context can allow an authid with DBADM or any permitted user to
assume the identity of another user, such as the view owner, and then perform
the desired actions.
Without reserving a RACF group, a table can be dropped
To further protect your tables from this known gap, grant the create table or
DBADM privilege solely to a role with role ownership and use the role to create
all the tables.
Privileges granted can be exercised from anywhere
When granting the UPDATE privilege on a payroll table to an authid, it is
preferable that this privilege be available to the authid only when it is connected to a
computer located inside the company offices. The new trusted context and role
capabilities allow the DBA to GRANT privileges, for example, UPDATE, that can
only be used from a specified list of IP addresses.
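The payroll scenario above, written out as DB2 for z/OS SQL. This is an added example, not taken from the original text; the role, context, authid and table names and the IP addresses (documentation range 192.0.2.0/24) are hypothetical.

```sql
-- Added example. All names and addresses below are hypothetical.
-- Assumption: authid PAYCLERK holds no direct UPDATE privilege on HR.PAYROLL,
-- so the role is its only route to that privilege.

-- 1. Create the role and give the privilege to the role, not to the authid.
CREATE ROLE PAYROLL_UPD;
GRANT UPDATE ON TABLE HR.PAYROLL TO ROLE PAYROLL_UPD;

-- 2. Tie the role to connections made by PAYCLERK from the listed addresses.
--    A role is available only inside a trusted context, so a connection from
--    any other address is an ordinary connection without PAYROLL_UPD.
CREATE TRUSTED CONTEXT CTX_PAYROLL_OFFICE
  BASED UPON CONNECTION USING SYSTEM AUTHID PAYCLERK
  ATTRIBUTES (ADDRESS '192.0.2.10',
              ADDRESS '192.0.2.11')
  DEFAULT ROLE PAYROLL_UPD
  ENABLE;

-- 3. Audit check: list each enabled context with its authid, default role
--    and permitted addresses, for comparison against the approved list.
SELECT C.NAME, C.SYSTEMAUTHID, C.DEFAULTROLE, A.VALUE AS ADDRESS
  FROM SYSIBM.SYSCONTEXT C
  JOIN SYSIBM.SYSCTXTTRUSTATTRS A
    ON A.CONTEXTID = C.CONTEXTID
 WHERE C.ENABLED = 'Y'
   AND A.NAME = 'ADDRESS'
 ORDER BY C.NAME, A.VALUE;
```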
8.6 Role ownership of objects
Outside trusted contexts and roles, object ownership is tied to a user. When a
user creates an object, the user becomes the owner of the object. If that user
changes jobs within the company or leaves the company, in order to remove the
privileges of that user on the object, the object has to be dropped, and as a