Saturday, November 27, 2010

IBM DB2 Security Mechanisms

For every e-business solution, the company should give more thought to database security. The database security plan should define:


  • who is allowed access to the instance and/or database

  • where and how a user's password will be verified

  • authority level that a user is granted

  • commands that a user is allowed to execute

  • data that a user is allowed to read and/or alter

  • database objects a user is allowed to create, alter, and/or drop



DB2 Security Mechanisms

There are 3 main mechanisms within DB2 that allow a DBA to implement a database security plan:

  1. Authentication

  2. Authorization

  3. Privileges


1. Authentication

Authentication is the first security feature you'll encounter when you attempt to access a DB2 instance or database. It works closely with the security features of the underlying operating system to verify user IDs and passwords. It can also work with security protocols like Kerberos to authenticate users.

2. Authorization

Authorization involves determining the operations that users and/or groups can perform, and the data objects that they may access. A user's ability to perform high-level database and instance management is determined by the authorities that they have been assigned. The 5 different authority levels within DB2 are:

  1. SYSADM

  2. SYSCTRL

  3. SYSMAINT

  4. DBADM

  5. LOAD


3. Privileges

Privileges are a bit more granular than authorities, and can be assigned to users and/or groups. They define the commands that a user can use to access objects like tables, views, indexes and packages.
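The difference between authorities and privileges, and a way to review who holds them, as an added example that is not part of the original post. It is a DB2 command line processor script (run with `db2 -tvf`); the group name `dbmaint`, the users `dbalice` and `etlsvc`, the group `appusers` and the table `sales.orders` are hypothetical.

```sql
-- Assumes an existing connection to the database (CONNECT TO <dbname>).

-- Instance-level authorities (SYSADM, SYSCTRL, SYSMAINT) are not granted with
-- SQL. Each is held by members of the group named in the database manager
-- configuration (SYSADM_GROUP, SYSCTRL_GROUP, SYSMAINT_GROUP).
UPDATE DBM CFG USING SYSMAINT_GROUP dbmaint;

-- Database-level authorities (DBADM, LOAD) are granted on the database.
GRANT DBADM ON DATABASE TO USER dbalice;
GRANT LOAD  ON DATABASE TO USER etlsvc;

-- Privileges are granted per object. LOAD authority alone is not enough to
-- load a table: the account also needs INSERT on that table.
GRANT INSERT ON TABLE sales.orders TO USER etlsvc;
GRANT SELECT, INSERT, UPDATE ON TABLE sales.orders TO GROUP appusers;

-- Least privilege: remove access that every authenticated user would inherit.
REVOKE SELECT ON TABLE sales.orders FROM PUBLIC;

-- Review 1: who holds DBADM or LOAD on this database?
-- GRANTEETYPE is 'U' for a user and 'G' for a group.
SELECT grantee, granteetype, dbadmauth, loadauth
  FROM syscat.dbauth
 WHERE dbadmauth = 'Y' OR loadauth = 'Y'
 ORDER BY grantee;

-- Review 2: which non-system tables still expose privileges to PUBLIC?
-- 'Y' means held, 'G' means held with the right to grant it to others.
SELECT tabschema, tabname,
       selectauth, insertauth, updateauth, deleteauth, controlauth
  FROM syscat.tabauth
 WHERE grantee = 'PUBLIC'
   AND tabschema NOT LIKE 'SYS%'
   AND (selectauth  IN ('Y', 'G') OR insertauth  IN ('Y', 'G')
     OR updateauth  IN ('Y', 'G') OR deleteauth  IN ('Y', 'G')
     OR controlauth = 'Y')
 ORDER BY tabschema, tabname;
```

A change to a `*_GROUP` parameter takes effect only after the instance is restarted, so the two review queries reflect database-level grants immediately but not a pending instance-level change.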
