IDUG is proud to offer the latest in DB2 information straight from those who know it best: database administrators (DBAs), database managers, application programmers and developers, vendors and other IT professionals who use DB2 daily.
Topic: 2008 NA
DATE: 2008-05-21 (01:30 PM - 02:30 PM)
SPEAKERS: Peter Suhner (Axa Technology Services Switzerland AG)
A field report about migrating DB2 internal security to an external security system (RACF).On a system level, all of our z/OS security had always been implemented with RACF security system - with the sole exception of the DB2 subsystem. To reduce the overhead and complexity of maintaining two interacting security systems, we decided to migrate our DB2 security definitions to RACF. The major benefits we gained from that one-year project are:- Transparency: for the administration- Performance: Resource validation only takes place once in RACF- Simplicity: Reduction from some hundred thousands of different DB2 access rights (Grants) to a few thousand generic RACF profiles- Auditability: Logging of all access by SMF- Governance: Centralized administration of all user access rights- Data quality: Avoidance of outdated and inoperative User-IDs by daily comparison between RACF UserIDs and HR dataThe presentation will also mention the obstacles and exceptions.
EXP. LEVEL: Intermediate
How to migrate DB2 internal security to RACF (or any other external security system)
Understand basic DB2 and RACF security concepts and their differences
What it takes to overcome the conceptual differences
How to convert the contents of the SYSIBM.SYSxxxAUTH tables to equivalent RACF profiles with Utility RACFDB2
Possible benefits from the implementation as well as recommendations and pitfalls in such a project
This file is being provided by IDUG. We would encourage you to join IDUG to get full access to all of our files and resources. Joining IDUG is FREE and signing up is simple. Click here to join! or login!Click to Download
NOTE: These are only open to members of IDUG. If you are not a member, please CLICK HERE for more information.