Book description
IBM® DB2® 9 and 10 for z/OS® have added functions in the areas of security, regulatory compliance, and audit capability that provide solutions for the most compelling requirements.
DB2 10 enhances the DB2 9 role-based security with additional administrative and other finer-grained authorities and privileges. This authority granularity helps separate administration from data access and provides only the minimum appropriate authority.
The authority profiles provide better separation of duties while limiting or eliminating blanket authority over all aspects of a table and its data. In addition, DB2 10 provides a set of criteria for auditing for the possible abuse and overlapping of authorities within a system.
In DB2 10, improvements to security and regulatory compliance focus on data retention and protecting sensitive data from privileged users and administrators. Improvements also help to separate security administration from database administration.
DB2 10 also lets administrators enable security on a particular column or particular row in the database, complementing the privilege model.
This IBM Redbooks® publication provides a detailed description of DB2 10 security functions from the implementation and usage point of view. It is intended to be used by database, audit, and security administrators.
Table of contents
- Figures
- Tables
- Examples (1/2)
- Examples (2/2)
- Notices
- Preface
- Part 1: Security for DB2 for z/OS
- Chapter 1: Security regulations
- Chapter 2: Introduction to security for DB2 for z/OS
- Part 2: DB2 capabilities
- Chapter 3: Administrative authorities and security-related objects
- 3.1: Rationale for new features
- 3.2: Management of security-related objects
- 3.3: SECADM
- 3.4: SYSTEM DBADM
- 3.5: ACCESSCTRL
- 3.6: DATAACCESS
- 3.7: Reassigning powerful privileges held by SYSADM and SYSCTRL
- Maintaining an existing common model
- Separating security administration from system administration
- Separating the system database administration from system and security administration
- Separating system database administration without access control
- Keeping security simple
- Dependent privileges with new authorities
- 3.8: Revoking without cascade
- 3.9: Debugging and performance analysis privileges
- 3.10: DSNZPARMs related to security
- Chapter 4: Roles and trusted contexts
- 4.1: Existing challenges
- 4.2: Roles
- 4.3: Trusted contexts
- 4.4: Challenges addressed by roles and trusted contexts
- Trusting all connection requests
- Application server user ID and password (three-tier architecture)
- Dynamic SQL auditability
- Allowing connections without credentials
- Shared SYSADM ID
- Dual responsibilities
- Full-time access to sensitive/private data
- DBADM create view and drop / alter
- Reserving a RACF group and table dropping
- Exercising granted privileges
- 4.5: Example of a local trusted context: Securing DBA activities
- 4.6: Example of a remote trusted connection
- 4.7: Example of a remote trusted connection with multiple users
- 4.8: Protecting new DB2 10 administrative authorities
- Chapter 5: Data access control
- Chapter 6: Cryptography for DB2 data
- Chapter 7: User authentication
- Chapter 8: Audit policies
- Chapter 9: RACF and DB2
- 9.1: Authorization IDs for accessing data within DB2
- 9.2: DB2 managed security
- 9.3: RACF managed security
- The RACF access control module
- RACF profiles and class structure
- RACF defined administration privilege profiles
- Activating and using RACF classes
- RACF sample scenario (1/2)
- RACF sample scenario (2/2)
- RACF/DB2 Conversion Utility
- RACF SMF data unload utility IRRADU00
- Using the RACF database unload utility IRRDBU00
- Part 3: Implementation scenarios
- Chapter 10: Implementing data access control
- Chapter 11: Remote client applications access
- Chapter 12: Database monitoring and the audit application
- 12.1: Activity monitoring options on DB2 for z/OS
- 12.2: Tivoli OMEGAMON for DB2 Performance Expert Version V5R1
- Executing the OMEGAMON PE batch reporter
- Loading event data into DB2 tables SQL based reporting
- OMEGAMON PE Performance Database
- Authorization failure reporting and loading events into DB2
- Monitoring and reporting on changes in the security environment
- Monitoring the use of privileges in DB2
- Finding the dynamic statement
- Considerations for reporting using the OMEGAMON PE audit tables
- Chapter 13: DB2 temporal support
- Part 4: Security tools
- Chapter 14: Security tools for discovery and control
- Chapter 15: Auditing and InfoSphere Guardium
- 15.1: InfoSphere Guardium
- 15.2: Database security functionality using InfoSphere Guardium
- 15.3: InfoSphere Guardium S-TAP for DB2 for z/OS (1/2)
- 15.3: InfoSphere Guardium S-TAP for DB2 for z/OS (2/2)
- Event collection
- SQL inspection and performance monitoring
- Building audit reports with InfoSphere Guardium (1/2)
- Building audit reports with InfoSphere Guardium (2/2)
- InfoSphere Guardium Vulnerability Assessment reporting (1/2)
- InfoSphere Guardium Vulnerability Assessment reporting (2/2)
- InfoSphere Guardium data classification (1/2)
- InfoSphere Guardium data classification (2/2)
- Part 5: Appendixes
- Appendix A: Spiffy Computer Company security setup
- Appendix B: Introduction to cryptography
- Abbreviations and acronyms
- Related publications
- Index (1/3)
- Index (2/3)
- Index (3/3)
- Back cover
Product information
- Title: Security Functions of IBM DB2 10 for z/OS
- Author(s):
- Release date: September 2011
- Publisher(s): IBM Redbooks
- ISBN: None