Managing Security on DB2 on Z/os platform

Mohamed Esmael

Managing Security on DB2 on Z/os platform

Our duty now on DB2 Team is to make separation of duties after we research we found that we have two scenarios

1- through DB2 when i make separte security paramter to yes
2- Through RACF

the Question is which is better also if if we choose the first scenario can i have more that one SECADM as i read that we can i have SECADM1 & SECADM2

Hint we use DB2 V.10

Javier Estrada

RE: Managing Security on DB2 on Z/os platform
(in response to Mohamed Esmael)

Hello:

  I think the shortest answer is.... "depends on how you're organized at your shop".

  In here we use the native DB2 option, and we don't use a separate group for security (so that means we don't separate SECADM from SYSADM), and we didn't like the option or handling security with RACF. Personally I don't have any issues with any option, but the real problem was in the team:

Let's say, for example, that you have the idea of setting up trusted contexts and you'll revoke any individual privileges to remote applications users, so that means a complete reorganization of the security environment, policies, and even internal paperwork. The problem is... who's going to do what? If you're working with RACF, they will, at some point, require to hire a DB2 guy because chances are they only know RACF for traditional z/OS security, and same thing would happen if you assign SECADM to non DB2 people.

I've also seen that the DB2 guy from RACF will quit shortly because, well... he's a DB2 guy after all. That's just an example of what I've seen over time.

I like the three options BTW, but they all require a very very very detailed planned organization.

Hope that helps,

Regards

 

Javier Estrada

Certified DB2 11 for z/OS System Administrator. Mexico

Mohamed Esmael

RE: Managing Security on DB2 on Z/os platform
(in response to Javier Estrada)

First 

Thanks alot javier for your help and for your opinion

Second

in our shop , the both solution are possible as we have two teams DB2 & RACF , i want to know the concerns of each one , also you say i can  implement third solution between them how can i do that 

Thanks in advance