
A practical guide to restrictive databases

By Rahul Kumar posted Fri December 02, 2022 02:06 AM

  

Executive summary


Tools such as IBM® InfoSphere® Guardium® provide vulnerability assessment capabilities to security administrators. These tools typically provide reports that identify compliance failures with security best practices and current vulnerabilities. Starting with DB2® for Linux®, UNIX®, and Windows® Version 10.1, DB2 and InfoSphere Guardium software are tuned for better out-of-the-box integration. As a result, restrictive DB2 databases achieve a better compliance score on vulnerability assessment tests when compared to restrictive DB2 databases from previous releases and non-restrictive DB2 databases in general.
Restrictive DB2 databases provide an out-of-the-box least privilege approach to databases and database objects. This least-privilege approach makes it much easier for you to secure your databases.
While restrictive databases provide better out-of-the-box security compliance scores, their use has been limited because administrators did not know which privileges to grant their end users to make the databases more usable. For example, administrators might not understand why they needed to grant EXECUTE privilege on some CLP package that, on the surface, has nothing to do with the statement their user issued. This paper provides you with all the information you need to use restrictive databases more effectively.

Introduction


This paper provides a practical guide to getting started with restrictive DB2 databases. The paper includes examples that detail the required steps to set up database authorizations and privileges for typical categories of users: with CONNECT authority, with SECADM authority, with DBADM authority, and with DBADM, DATAACCESS, and ACCESSCTRL authority. Also included are details on the different requirements in terms of privileges on various system objects when the command line processor, CLP, is used to connect to restrictive DB2 databases.
A follow-on paper will cover details on the different requirements in terms of privileges on various system objects when CLI, Java, and Perl clients are used to connect to restrictive DB2 databases.

Download the full report on a practical guide to restrictive databases.