Implementing Security for DB2 › CA Top Secret for DB2
CA Top Secret for DB2
The control of DB2 resources is accomplished using standard CA Top Secret methods. All new DB2 resources have full scope checking and administrative authority support which eliminates the need for secondary authorization IDs and the cascading revoke problems. The direct benefits of CA Top Secret for DB2 are:
- The DB2 resources are easily administered with the same TSS command or the administration panels.
- In CA Top Secret for DB2, the concept of ownership through the creation of an object is eliminated. Instead, all of the DB2‑related resources are preferably owned by a department and their use is authorized to users with appropriate privileges.
- With CA Top Secret for DB2 you do not need secondary authorization IDs. They obscure lines of individual accountability.
- Support and security exist for all categories of DB2 privileges and authorities. Because the SYSADM authority has complete control over most DB2 resources, you should carefully limit and monitor its use as you would an MSCA.
- There are discrete checks with unique class names identifying the type of function secured.
- Specific class names permit matching of relationships with existing DB2 controls.
- Access levels are supported as applicable to each function.
- All auditing and violation activity within DB2 is recorded to SMF and/or the Audit/Tracking File. All current facilities for reporting, including the online TSSTRACK reporting utility, are supported.
- The Catalog Synchronization Utility provides the ability to bring DB2 catalog entries up‑to‑date with CA Top Secret for DB2.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|