1) read up on SYSIBM.SYSAUDITPOLICIES columns SYSADMIN and DBADMIN,
2) ensure that the sysadm'ers do not have update access to the
SDSNEXIT library used by
the Db2 started tasks. Any changes they make have to pass through a
function to be verified and actually be applied.
On 15 Oct 2017 at 4:51, Mohamed Esmael wrote:
> Hello All
> We using RACF EXTERNAL security on DB2 V11 with z/os
> we face some issues
> 1- we want to make report to monitor Admin Activities , from
reading we found that we can do
> that by using SMF record type 100 ,101,102 , how can we do
that and what other things we can
> use ?
> 2- how to prevent SYSADM to change exit routines that enable
RACF external security?
> (Generally limit SYSADM to perform any actions on members
that related to security
This email has been checked for viruses by AVG.