Getting Started with DB2 Express-C

More documents

Recommendations

Info

180 Getting Started with DB2 Express-C Figure 10.5 - Database-level authorities and their functions Note: In DB2 9.7, to provide for better data privacy and governance compliance, the authorization model has been updated to clearly separate the duties of the system administrator, the database administrator, and the security administrator. In general, the functional scope of several authorities has been reduced compared to previous DB2 versions. For example, a SYSADM no longer has the rights to access data from any database. A DBADM no longer has the rights to access data for the database he administers. On the other hand, SECADM has gained more functionality such as the ability to grant and revoke authorities and privileges to users, roles, and groups. New authorities have also been created to allow for more granularity and control of your system security. This also minimizes the risk of data exposure by not granting users more than what they need to do their job. The DB2 9.7.2 refresh also includes auditing improvements that allow for the replay of past database activities. For example, if you need to analyze how a given request that happened a few years back affected some tables, you can now use the database audit information to obtain what you need for that analysis. 10.2.2.3 Enabling SYSADM and DBADM to work the same as versions of DB2 prior to 9.7
Chapter 10 – Database Security 181 If you would like a SYSADM to behave the same as it did in versions of DB2 prior to DB2 9.7, there are two cases to consider: • If the SYSADM is the creator of the database, then it automatically receives DATAACCESS, ACCESSCTRL, SECADM and DBADM authority for that database. This gives the SYSADM the same abilities as in versions of DB2 prior to 9.7. • If the SYSADM is not the creator of the database, then to obtain the same capabilities as in previous versions of DB2 (except SECADM); a SECADM must GRANT DBADM with DATAACCESS and ACCESSCTRL (which is the default) to the SYSADM on the given database. A few cases to consider for a SECADM: • The default SECADM is the creator of the database. • If a user with SECADM authority grants SECADM to a user with SYSADM authority, then the SYSADM can grant SECADM to other users. • If a user with SECADM authority grants DBADM to a user, the DBADM also receives DATAACCESS and ACCESSCTRL by default. If you are migrating a DB2 9.5 database, the capabilities of SYSADM and DBADM will not change because DB2 automatically grants DBADM, DATAACCESS and ACCESSCTRL to the SYSADM group upon migration. DB2 also automatically grants DATAACCESS and ACCESSCTRL to every authorization ID that holds DBADM upon migration. In addition, DB2 automatically grants SECADM to the user ID doing the migration if there is no authorization ID of type USER that holds SECADM in the database. SYSADM loses its implicit ability to grant or revoke DBADM and SECADM which can now only be performed by SECADM. 10.2.3 Roles Roles allow a security administrator to assign privileges or authorities to several users or groups. Roles are very similar to groups, but they are defined within DB2, and therefore, provide some advantages. For example, the privileges and authorities granted to roles are always used when you create objects like views or triggers, which is not the case for groups. On the other hand, you cannot assign instance-level authorities such as SYSADM to a role, only privileges and database-level authorities; while for a group, all privileges and authorities can be assigned. Working with roles requires following several steps: 1. A security administrator (SECADM) must first create a role using a command like CREATE ROLE TESTER 2. Next, a DBADM must grant privileges or authorities to the role. For example, to grant SELECT privilege on tables STAFF and DEPT in the SAMPLE database to role TESTER, issue:
Page 3 and 4:
GETTING STARTED WITH DB2 Express-C
Page 5 and 6:
Contents About this book ..........
Page 7 and 8:
Contents 7 6.3 DB2 storage model ..
Page 9 and 10:
Contents 9 13.4.2 Cursor stability
Page 11 and 12:
About this book Notices and tradema
Page 13 and 14:
About this Book 13 A book for the c
Page 15:
About this Book 15 Foreword Innovat
Page 19 and 20:
1 Chapter 1 - What is DB2 Express-C
Page 21 and 22:
Chapter 1 - What is DB2 Express-C?
Page 23 and 24:
Page 25 and 26:
1.8 Moving up to another DB2 editio
Page 27:
Page 30 and 31:
30 Getting Started with DB2 Express
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 59 and 60:
4 Chapter 4 - DB2 Environment The D
Page 61 and 62:
Chapter 4 - DB2 Environment 61 Figu
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Chapter 4 - DB2 Environment 69 conf
Page 71 and 72:
Page 73 and 74:
Chapter 4 - DB2 Environment 73 Tabl
Page 75 and 76:
Chapter 4 - DB2 Environment 75 4.3
Page 77 and 78:
Chapter 4 - DB2 Environment 77 6. S
Page 79:
Chapter 4 - DB2 Environment 79 20.
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
100 Getting Started with DB2 Expres
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 109 and 110:
6 Chapter 6 - DB2 Architecture In t
Page 111 and 112:
Chapter 6 - DB2 Architecture 111 pr
Page 113 and 114:
Chapter 6 - DB2 Architecture 113 6.
Page 115 and 116:
Chapter 6 - DB2 Architecture 115 Fi
Page 117 and 118:
Chapter 6 - DB2 Architecture 117 Ma
Page 119 and 120:
6.3.3.4 Creating a Table Space usin
Page 121 and 122:
Page 123:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131: 130 Getting Started with DB2 Expres
Page 141 and 142: 8 Chapter 8 - Working with Database
Page 143 and 144: Chapter 8 - Working with Database O
Page 161 and 162: 9 Chapter 9 - Data Movement Utiliti
Page 163 and 164: Chapter 9 - Data Movement Utilities
Page 171: Chapter 9 - Data Movement Utilities
Page 191 and 192: 11 Chapter 11 - Backup and Recovery
Page 193 and 194: Chapter 11 - Backup and Recovery 19
Page 195 and 196: 11.4 Database logging from the Cont
Page 203: Chapter 11 - Backup and Recovery 20
Page 215 and 216: 13 Chapter 13 - Concurrency and Loc
Page 217 and 218: Chapter 13 - Concurrency and Lockin
Page 231 and 232:
13.10 Summary In this chapter we lo
Page 233 and 234:
Chapter 13 - Concurrency and Lockin
Page 235 and 236:
Chapter 13 - Concurrency and Lockin
Page 237:
PART III - LEARNING DB2: APPLICATIO
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300:
Getting started with DB2 9.7 couldn
show all

Getting Started with DB2 Express-C

Create successful ePaper yourself

Delete template?

Save as template?