IBM DB2 Security Mechanisms

For every e-business solution, the company should give more sound for database security. The database security plan should define:

  • who is allowed to the instance and/or database
  • where and how a user’s password will be verified
  • authority level that a user is granted
  • commands that a user is allowed to execute
  • data that a user is allowed to read and/or alter
  • database objects a user is allowed to create, alter, and/or drop

DB2 Security Mechanisms

There are 3 main mechanisms within DB2 that allow a DBA to implement a database security plan:

  1. Authentication
  2. Authorization
  3. Privileges

1. Authentication

Authentication is the first security feature you’ll encounter when you attempt to access a DB2 instance or database. It works closely with the security features of the underlying operating system to verity the user IDs and passwords. It can also work with security protocols like kerberos to authenticate users.

2. Authorization

It involves determining the operations that user and/or groups can perform, and the data objects that they may access. An user’s ability to perform high level database and instance management is determined by the authorities that they have been assigned. The 5 different authority levels within DB2 are

  1. SYSADM
  2. SYSCTRL
  3. SYSMAINT
  4. DBADM
  5. LOAD

3. Privileges

A bit more granular than authorities, and can be assigned to users and/or groups. It defines the commands that a user can use to access objects like tables, views, index and packages.

Permanent link to this article: https://blog.openshell.in/2010/11/ibm-db2-security-mechanisms/

Leave a Reply

Your email address will not be published.