Introduction › What Are Some of the Benefits?

What Are Some of the Benefits?

The control of DB2 resources is accomplished using standard CA Top Secret methods. All DB2 resources have full scope checking and administrative authority support, which eliminates the need for secondary authorization IDs, and the cascading revoke problems. The direct benefits of CA Top Secret Option for DB2 are as follows:

• The DB2 resources are easily administered with the TSS command or the administration panels.
• In CA Top Secret Option for DB2, the concept of ownership through the creation of an object is eliminated. Instead, all DB2‑related resources are preferably owned by a department and their use is authorized to users with appropriate privileges, and optional access controls, such as time of day, day of week, and so on.
• With CA Top Secret Option for DB2 you do not need secondary authorization IDs. In fact, they can obscure the lines of individual accountability.
• The elimination of the cascading REVOKE effect makes secondary authorization IDs somewhat unnecessary. Due to this elimination, it is easier for security administrators to control and manage these DB2‑related resources and authorities.
• Support and security exist for all categories of DB2 privileges and authorities. Because the SYSADM authority has complete control over most DB2 resources, you should carefully limit and monitor its use as you would an MSCA.
• There are discrete checks with unique class names identifying the type of resource secured.
• Specific class names permit matching of relationships with existing DB2 controls.
• Access levels are supported as applicable to each resource class.
• All auditing and violation activity within DB2 is recorded to SMF and/or the Audit/Tracking File. All current facilities for reporting, including the online TSSTRACK reporting utility, are supported.