Implementation Considerations › Decide on Centralized or Decentralized Security

Decide on Centralized or Decentralized Security

With native DB2 security, your site may not have a choice as to how you administer security. Because of the way DB2 is designed, your database administrators (DBAs) may be responsible for many of the functions normally performed by security administrators. With CA Top Secret Option for DB2, your site can decide whether the security functions and responsibilities for DB2 are centralized or decentralized. Whether CA Top Secret Option for DB2 administration is centralized or decentralized (and to what degree) depends on the size, structure, and unique needs of your site. You may want some DBAs to perform a subset of administrative functions or you may want your security department to handle all security concerns. Central security administrators can administer any CA Top Secret Option for DB2 access permissions while security administrators in a decentralized environment have a more limited jurisdiction over DB2 resources. Security administrators in a centralized environment have a broader scope of authority, while security administrators in a decentralized environment are given control over smaller groups of ACIDs (for example, an individual department). Decentralized administrators may also have different levels of administrative authority (granted via the TSS ADMIN command).

For more information about centralized vs. decentralized security, see the CA Top Secret User Guide and Implementation guides.

Appoint Your Implementation Team

The main function of the implementation team is to properly implement CA Top Secret Option for DB2 and related security systems and procedures. Their function is limited because most of the work occurs during the planning and implementation phases. If you created an implementation team (IT) to implement CA Top Secret, you may want to use this team to implement CA Top Secret Option for DB2. In addition to the current members, you will want to ask DB2 database administrators to join this team if they were not already included. Their participation and acceptance of CA Top Secret Option for DB2 is essential to successfully implementing CA Top Secret Option for DB2, because they play a critical role in creating and maintaining DB2 resources.

Plan and Coordinate Your Implementation Schedule

As the implementation plan takes shape, you should schedule all activities and events, and distribute schedules throughout the site to all key organizations. You should coordinate implementation timetables with related implementations of other system or product installations so they do not conflict.

Follow these steps to prepare to implement CA Top Secret Option for DB2:

• Ensure the key departments and personnel take an active role in the implementation plans. Everyone must support the implementation.
• Meet with other department managers to determine their concerns. Introduce an approach to address their concerns without compromising security.
• Observe other knowledgeable workers as they perform their functions. This can help lead to other improvements in securing resources that they use daily.
• Communicate the scope, impact, and requirements of the implementation plan to the entire organization.
• Design the CA Top Secret Option for DB2 installation and security implementation. Be sure to take into consideration the current data center standards, conventions, and procedures for testing and production turnover.
• Ensure that key personnel understand their roles and are available to support the implementation project.
• Plan for personnel vacations, holidays, and other staff outages.
• Secure management approval for the complete implementation plan, objectives, approach, and timetables.