IDUG Europe Premiere User Speaker: Migration of DB2 Access Control from DB2 to RACF (H10)
Topic: 2008 NA
Subtopic: DB2 for z/OS
DATE: 2008-05-21 (01:30 PM - 02:30 PM)
SPEAKERS: Peter Suhner (Axa Technology Services Switzerland AG)
A field report about migrating DB2 internal security to an external security system (RACF).On a system level, all of our z/OS security had always been implemented with RACF security system - with the sole exception of the DB2 subsystem. To reduce the overhead and complexity of maintaining two interacting security systems, we decided to migrate our DB2 security definitions to RACF. The major benefits we gained from that one-year project are:- Transparency: for the administration- Performance: Resource validation only takes place once in RACF- Simplicity: Reduction from some hundred thousands of different DB2 access rights (Grants) to a few thousand generic RACF profiles- Auditability: Logging of all access by SMF- Governance: Centralized administration of all user access rights- Data quality: Avoidance of outdated and inoperative User-IDs by daily comparison between RACF UserIDs and HR dataThe presentation will also mention the obstacles and exceptions.
EXP. LEVEL: Intermediate
How to migrate DB2 internal security to RACF (or any other external security system)
Understand basic DB2 and RACF security concepts and their differences
What it takes to overcome the conceptual differences
How to convert the contents of the SYSIBM.SYSxxxAUTH tables to equivalent RACF profiles with Utility RACFDB2
Possible benefits from the implementation as well as recommendations and pitfalls in such a project
Click Here to Download
NOTE: These are only open to members of IDUG. If you are not a member, please CLICK HERE for more information.