Articles & Content


Migration of DB2 Access Control from DB2 to RACF (A06)

Topic: 2007 EU

Subtopic: DB2 for z/OS

DATE: 2007-11-6 (14:00 - 15:00)
SPEAKERS: Peter Suhner (Axa Technology Services Switzerland AG), Susi Steiner (AXA Tech Switzerland (former Winterthur Insurance))

A field report about migrating DB2 internal security to an external security system (RACF).On a system level, all of our z/OS security had always been implemented with RACF security system - with the sole exception of the DB2 subsystem. To reduce the overhead and complexity of maintaining two interacting security systems, we decided to migrate our DB2 security definitions to RACF. The major benefits we gained from that one-year project are:- Transparency: for the administration- Performance: Resource validation only takes place once in RACF- Simplicity: Reduction from some hundred thousands of different DB2 access rights (Grants) to a few thousand generic RACF profiles- Auditability: Logging of all access by SMF- Governance: Centralized administration of all user access rights- Data quality: Avoidance of outdated and inoperative User-IDs by daily comparison between RACF UserIDs and HR dataThe presentation will also mention the obstacles and exceptions.

EXP. LEVEL: Intermediate


How to migrate DB2 internal security to RACF (or any other external security system)

Understand basic DB2 and RACF security concepts and their differences

What it takes to overcome the conceptual differences

How to convert the contents of the SYSIBM.SYSxxxAUTH tables to equivalent RACF profiles with Utility RACFDB2

Possible benefits from the implementation as well as recommendations and pitfalls in such a project

This file is being provided by IDUG. We would encourage you to join IDUG to get full access to all of our files and resources. Joining IDUG is FREE and signing up is simple. Click here to join! or login!

Download File
Click to Download

NOTE: These are only open to members of IDUG. If you are not a member, please CLICK HERE for more information.