29 August, 2010 by Tom Collins
There are normally 3 levels of security -
a) Controlling access to the instance
b) Controlling access to the database
c) Controlling access to the data itself
There is one authentication type set for any instance.
Authentication Types available
==================================
SERVER - ID & password compare at server side
SERVER_ENCRYPT - ID & password compare at server side
CLIENT - ID & password compare at client side
KERBEROS - ID & password compare at server side with Kerberos security facility
KRB_SERVER_ENCRYPT - Authentication on server side
DATA_ENCRYPT - Authentication occurs on the server side
DATA_ENCRYPT_CMP - Authentication occurs at the server side
GSSPLUGIN - Authentication occurs at the server side
GSS_SERVER_ENCRYPT - Authentication occurs at the server side
Notes:
1) In a client-server framework, the passwords would be verified at the client operating system or application server.
Authorities
=================================
SYSADM - System Administrator Authority
SYSCTRL - System Control Authority
SYSMAINT - System Maintenance authority
SYSMON - System Monitor authority
DBADM - Database Administrator authority
SECADM - Security Administrator authority
LOAD - Load authority
Notes:
1) The Database Manager Configuration file grants the SYSMAINT authority
Database Privileges
================================
CONNECT
QUIESCE_CONNECT
IMPLICIT_SCHEMA
CREATETAB
BINDADD
CREATE_EXTERNAL_ROUTINE
CREATE_NOT_FENCED_ROUTINE
LOAD
Object Privileges
==============================
Table Space Privileges (USE)
Schema Privileges (CREATEIN,ALTERIN,DROPIN)
Table Privileges (CONTROL,ALTER,SELECT,INSERT,UPDATE,DELETE,INDEX,REFERENCES)
View Privileges (CONTROL,SELECT,INSERT,UPDATE,DELETE)
Index Privileges (CONTROL)
Sequence Privileges (USAGE,ALTER)
Routine Privileges (EXECUTE)
Package Privileges (CONTROL,BIND,EXECUTE)
Nickname Privileges (CONTROL,ALTER,SELECT,INSERT,UPDATE,DELETE,INDEX,REFERENCES)
Server Privileges (PASSTHRU)
Distinct Type(iSeries\zSeries DB2) (USAGE)
Notes:
1) To use a package, both the CONNECT and EXECUTE privileges are required
GRANT and REVOKE
==============================
Use the GRANT command to give explicit database and object privileges
Use the REVOKE command to revoke database and object level privileges
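The following script is an added example, not part of the original post. It shows GRANT and REVOKE applied at the database and object levels listed above for one read-only application account, then checks the result in the catalog. The user APP_RO, schema PAYROLL, table EMPLOYEE and package RPTPKG are hypothetical names.

```sql
-- Added example; APP_RO, PAYROLL.EMPLOYEE and PAYROLL.RPTPKG are hypothetical.
-- Run as a user holding the authority to grant on this database.

-- Database level: a database created without the RESTRICTIVE option
-- grants these privileges to PUBLIC, so every authenticated ID inherits them.
REVOKE CONNECT, CREATETAB, BINDADD, IMPLICIT_SCHEMA
  ON DATABASE FROM PUBLIC;

-- Give the application account only what it needs to reach the database.
GRANT CONNECT ON DATABASE TO USER APP_RO;

-- Object level: running a package needs EXECUTE on it in addition to CONNECT.
GRANT EXECUTE ON PACKAGE PAYROLL.RPTPKG TO USER APP_RO;

-- Object level: read-only access to a single table.
GRANT SELECT ON TABLE PAYROLL.EMPLOYEE TO USER APP_RO;

-- Withdraw a privilege that is no longer needed.
REVOKE SELECT ON TABLE PAYROLL.EMPLOYEE FROM USER APP_RO;

-- Verify database-level privileges held by the account and by PUBLIC.
SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH, CREATETABAUTH,
       BINDADDAUTH, IMPLSCHEMAAUTH, DBADMAUTH
  FROM SYSCAT.DBAUTH
 WHERE GRANTEE IN ('APP_RO', 'PUBLIC');

-- Verify table-level privileges on the schema.
SELECT GRANTEE, TABSCHEMA, TABNAME, CONTROLAUTH, SELECTAUTH,
       INSERTAUTH, UPDATEAUTH, DELETEAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'PAYROLL';

-- Verify package-level privileges.
SELECT GRANTEE, PKGSCHEMA, PKGNAME, CONTROLAUTH, BINDAUTH, EXECUTEAUTH
  FROM SYSCAT.PACKAGEAUTH
 WHERE PKGSCHEMA = 'PAYROLL';
```

In the catalog views a value of Y means the privilege is held, G means it is held with the ability to grant it to others, and N means it is not held.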
Ref:Jack Vamvas(http://www.dba-db2.com)