Articles & Content


DB2 10 for z/OS Security Enhancements (A05)

Topic: 2010 EMEA

Subtopic: DB2 for z/OS

DATE: 2010-11-9 (11:00 - 12:00)
SPEAKERS: James Pickel (IBM)

Business, regulatory, and customer privacy continue to require tighter controls over access to your critical data stored in DB2. First, DB2 10 plans to continue to expand its data-centric security solutions by allowing administrators to establish security policies or security logic within DB2, thus, enforcing security controls on all applications and tools that access data in DB2. Businesses would be able to comply with new regulations without changes to existing applications since security logic is separated from application logic. The evolution of security policies also becomes easier to deploy since the security logic can be automatically deployed against all SQL access to the data. These controls can prevent the use SQL to bypass views, application security logic, or prevent the use of SQL Injection to attack a DB2. Second, businesses have been protecting data from external users, but because of new regulations they are now required to protect data from internal or privileged users such as users with the SYSADM or SYSCTRL authority. DB2 10 plans to provide additional configurable authorities to protect sensitive data from even privileged administrators. Customized more granular administrative authorities can be defined to meet your individual security policies. An administrator can be defined to manage tables or tune SQL but without access to the data. Administrators who do not have a need to see data can still do their job without exposing restrictive data. Also, new regulations require security administration to be separate from data administration to achieve separation of duties. New administrator authorities can be configured to allow a user to create or alter tables, but without the authority to grant or revoke privileges on tables. This can be used to enforce separation of duties by requiring more than one privileged person to obtain the necessary privilege to access restricted data. Come hear about all the new security and auditing improvements planned for DB2 10 for z/OS.

EXP. LEVEL: Beginner,Intermediate


A general understanding of the new security and compliance features in DB2 10.

How new SQL security methods can satisfy your privacy and security policies without impacting your production applications and even protect data from ad-hoc query tools such as a simple report generation tools.

An understanding how to deploy new SQL masking and filtering methods to eliminate exposure to SQL injection attacks which is the fastest growing attack on your data.

An understanding of the new authorities and privileges designed to help you comply with government regulations and to simplify the management of authorities. The concepts, separation of duties and least privilege are introduced to address your requirements.

An understanding of how the new separation of administrative authorities can eliminate the need of SYSADM to help reduce the potential damage that could be caused by the inappropriate actions of one person. Separating the administrative tasks into multiple auditable authorities prevents a single user from having control over several phases of a task, so that deliberate fraud is more difficult to commit.

This file is being provided by IDUG. We would encourage you to join IDUG to get full access to all of our files and resources. Joining IDUG is FREE and signing up is simple. Click here to join! or login!

Download File
Click to Download

NOTE: These are only open to members of IDUG. If you are not a member, please CLICK HERE for more information.