February 14, 2018 05:12 AM
(in response to Mohamed Esmael)
1) anyone with update access to a library in xxxxMSTR STEPLIB
concatenation. This can be
used to supply new values when Db2 is started or a -SET SYSPARM is
2) some tools allow dynamic modifications to the internal control
blocks You need to read the
documentation on the tools you have.
3) Any program with AC(1) in an authorised library can do anything.
You need to have
controls around their usage.
4) No scheme is perfect. Especially anything you read on the
Internet. And, yes, this as well.
On 11 Feb 2018 at 1:36, Mohamed Esmael wrote:
> Dear All
> we implement SOD (Segregation of duties) on DB2 v.11 Z OS , we
want to separate SYSADM
> from doing Security relates issues as we will enable DB2
Internal security and use SECADM , we
> have concern about
> 1- Who can edit / update ZPARM fields (SYSADM or SECADM)
as there is security related fields