DB2 - A Security Primer

29 August, 2010 by Tom Collins


There are normally 3 levels of security:
a) Controlling access to the instance
b) Controlling access to the database
c) Controlling access to the data itself


There is one authentication type set for any instance.

Authentication Types available
==================================
SERVER             - ID & password compare at server side
SERVER_ENCRYPT     - ID & password compare at server side
CLIENT             - ID & password compare at client side
KERBEROS           - ID & password compare at server side with Kerberos security facility
KRB_SERVER_ENCRYPT - Authentication on server side
DATA_ENCRYPT       - Authentication occurs on the server side
DATA_ENCRYPT_CMP   - Authentication occurs at the server side
GSSPLUGIN          - Authentication occurs at the server side
GSS_SERVER_ENCRYPT - Authentication occurs at the server side

Notes:

1) In a client-server framework, the passwords would be verified at the client operating system or application server.


Authorities
=================================
SYSADM - System Administrator Authority
SYSCTRL - System Control Authority
SYSMAINT - System Maintenance authority
SYSMON - System Monitor authority
DBADM - Database Administrator authority
SECADM - Security Administrator authority
LOAD - Load authority

Notes:

1) The Database Manager Configuration file grants the SYSMAINT authority.


Database Privileges
================================
CONNECT
QUIESCE_CONNECT
IMPLICIT_SCHEMA
CREATETAB
BINDADD
CREATE_EXTERNAL_ROUTINE
CREATE_NOT_FENCED_ROUTINE
LOAD

Object Privileges
==============================
Table Space Privileges (USE)
Schema Privileges  (CREATEIN,ALTERIN,DROPIN)
Table Privileges   (CONTROL,ALTER,SELECT,INSERT,UPDATE,DELETE,INDEX,REFERENCES)
View Privileges    (CONTROL,SELECT,INSERT,UPDATE,DELETE)
Index Privileges   (CONTROL)
Sequence Privileges  (USAGE,ALTER)
Routine Privileges   (EXECUTE)
Package Privileges    (CONTROL,BIND,EXECUTE)
Nickname Privileges   (CONTROL,ALTER,SELECT,INSERT,UPDATE,DELETE,INDEX,REFERENCES)
Server Privileges  (PASSTHRU)
Distinct Type(iSeries\zSeries DB2) (USAGE)

Notes:

1) To use a package, both the CONNECT and EXECUTE privileges are required.

GRANT and REVOKE
==============================
Use the GRANT command to give explicit database and object privileges.
Use the REVOKE command to revoke database and object level privileges.
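
The following is an added example, not part of the original post. It applies GRANT and REVOKE to the database and object privileges listed above, then checks the result in the catalog. The names APPUSER, SALES.ORDERS and SALES.ORDPKG are hypothetical.

```sql
-- Added example. APPUSER, SALES.ORDERS and SALES.ORDPKG are hypothetical names.

-- Database level: a database created without the RESTRICTIVE option
-- gives these privileges to PUBLIC, so remove them first.
REVOKE CONNECT, CREATETAB, BINDADD, IMPLICIT_SCHEMA ON DATABASE FROM PUBLIC;

-- Give the application user only the database privilege it needs.
GRANT CONNECT ON DATABASE TO USER APPUSER;

-- Object level: table access, plus EXECUTE on the package.
-- Using a package needs both CONNECT (above) and EXECUTE.
GRANT SELECT, INSERT ON TABLE SALES.ORDERS TO USER APPUSER;
GRANT EXECUTE ON PACKAGE SALES.ORDPKG TO USER APPUSER;

-- Withdraw a single object privilege again; SELECT stays in place.
REVOKE INSERT ON TABLE SALES.ORDERS FROM USER APPUSER;

-- Review who holds which database privileges (Y/N flags per grantee).
SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH, CREATETABAUTH,
       BINDADDAUTH, IMPLSCHEMAAUTH, LOADAUTH, DBADMAUTH
FROM SYSCAT.DBAUTH
ORDER BY GRANTEE;

-- Review the table privileges left on SALES.ORDERS.
SELECT GRANTEE, GRANTEETYPE, CONTROLAUTH, SELECTAUTH,
       INSERTAUTH, UPDATEAUTH, DELETEAUTH
FROM SYSCAT.TABAUTH
WHERE TABSCHEMA = 'SALES' AND TABNAME = 'ORDERS';

-- Review who can bind or execute the package.
SELECT GRANTEE, GRANTEETYPE, CONTROLAUTH, BINDAUTH, EXECUTEAUTH
FROM SYSCAT.PACKAGEAUTH
WHERE PKGSCHEMA = 'SALES' AND PKGNAME = 'ORDPKG';
```

A row with GRANTEE = 'PUBLIC' in any of these catalog views means the privilege is held by every user who can authenticate to the instance.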

 

 

 Ref:Jack Vamvas(http://www.dba-db2.com)

 

Author: Rambler(http://www.dba-db2.com)
