DB2 - L

  • 1.  IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Sep 30, 2021 12:12 PM
    I entered a request for an enhancement: DB24ZOS-I-1274
    To have RLF allow entry of subnet wild cards for IPs.
    In this way subnets can be restricted without the need to enter some 65,000 rows per user / subnet.
    Please vote for it if you agree!
    thanks
    Bill

    ------------------------------
    williamgiannelliMe
    ------------------------------


  • 2.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 01, 2021 04:13 AM
    Hey, I think it's been some time

       I like the idea as I had a similar issue sometime ago.

    Just one question, are you trying to prevent all activity from those IP segments using ASUTIME=0 or using a low ASUTIME to allow just a little bit? If you want to stop connections completely, it might be better to look into the RACF SERVAUTH class and define those IP segments into the TCP/IP profile.

    Cheers

    ------------------------------
    Javier Estrada Benavides
    Mexico / Czech Republic
    IBM Champion
    ------------------------------



  • 3.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 01, 2021 06:21 AM
    Hi Javier,
    We have service ids that are to only be used by servers or within application programs. What we are trying to prevent is the use of the service ids by individuals from their personal laptops. We can see their source IPs and so the subnet. But the full IP can change from day to day. So we are trying to restrict by userid and IP. 
    I had not realized we could approach this thru RACF specifying IPs.
    thank you!
    Bill

    ------------------------------
    williamgiannelliMe
    ------------------------------



  • 4.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 01, 2021 12:44 PM
    Hi Bill,

    The Db2 profiles can also be used to manage remote access to Db2. They support subnet masks, but I don't think the combination of IP + authid is supported, though.

    See https://www.ibm.com/docs/en/db2-for-zos/12?topic=systems-monitoring-remote-connections-profile-tables

    ------------------------------
    Jørn Thyssen
    Rocket Software
    2021 IBM Champion
    ------------------------------



  • 5.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 21, 2021 03:47 AM
    Hi Bill,

    this came through while I was away, so only just replying now with a WHAT'S THE LINK, PLEASE?

    Thanks.

    ------------------------------
    Aurora


    Stay safe and healthy, y'all
    ------------------------------



  • 6.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 21, 2021 11:46 AM
    https://www.ibm.com/developerworks/rfe/execute?use_case=changeRequestLanding

    ------------------------------
    williamgiannelliMe
    ------------------------------



  • 7.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 25, 2021 03:39 AM
    errr so they have changed the website once again and now it asks me to creat a profile on IBM Developer - BUT since I already have one I can't go forward?

    gawd how I hate whomever designs the IBM websites - they are REALLY appalling.

    anyway, I'm afraid I can't vote it right now.

    Haappy Monday.

    ------------------------------
    Aurora


    Stay safe and healthy, y'all
    ------------------------------



  • 8.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 25, 2021 03:43 AM
    Try this link: https://ibm-data-and-ai.ideas.ibm.com/ideas/DB24ZOS-I-1274

    ------------------------------
    Jørn Thyssen
    Rocket Software
    2021 IBM Champion
    ------------------------------



  • 9.  RE: IBM Db2 requested enhancement DB24ZOS-I-1274

    Posted Oct 25, 2021 05:03 AM
    thanks Jorn! that worked.

    ------------------------------
    Aurora


    Stay safe and healthy, y'all
    ------------------------------