Download PDF - IBM Redbooks
Download PDF - IBM Redbooks
Download PDF - IBM Redbooks
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Example 8-13 shows the audit records for all users with reading access to DB2 object<br />
SAPR3.USR02 using SPUFI.<br />
Example 8-13 Reading access to DB2 object SAPR3.USR02 by using SPUFI<br />
MAXIM MAXIM TSO 19:26:48.49 BIND PACKAGE: DB0T.DSNESPCS.DSNES<br />
MAXIM 'BLANK' C829B035C63E TYPE: SEL-QUERY<br />
DSNESPCS TSO TEXT: SELECT * FROM SAPR3.US<br />
DATABASE: 10041<br />
ACCESS CTRL SCHEMA: N/P<br />
ACCESS CTRL OBJECT: N/P<br />
Example 8-14 shows the audit records for all users with reading access to DB2 object<br />
SAPR3.USR02 by using DBA Cockpit in SAP.<br />
Example 8-14 Reading access to DB2 object SAPR3.USR02 by using DBA Cockpit within SAP<br />
SAPINST T73DIA00 DRDA 19:49:33.32 BIND PACKAGE: DB0T.SAP0907U.SYSL<br />
SAPINST 4 110801211120 TYPE: SEL-QUERY<br />
DISTSERV SERVER TEXT: select * from sapr3.u<br />
REQLOC :::172.30.9.120 DATABASE: 10041<br />
ENDUSER :KUKAREV ACCESS CTRL SCHEMA: N/P<br />
WSNAME :DB2SPACE ACCESS CTRL OBJECT: N/P<br />
TRANSACT:SAPLSDB2CCMS_SPACE<br />
Each report was created with Tivoli OMEGAMONE PE version 5.1 as shown in Example 8-7.<br />
All reports were produced with the option, SUMMARY, which lists all user-selected records<br />
from the input data set.<br />
Additional information: This section explained only part of the capabilities for auditing in<br />
DB2 10. For information about additional audit options, see DB2 10 for z/OS Administration<br />
Guide, SC19-2968.<br />
8.4 SSL data stream encryption between an SAP NetWeaver<br />
Application Server and DB2 10 database server<br />
Whenever sensitive data is transmitted from application requestors through mechanisms,<br />
such as the SAP NetWeaver Application Server (SAP NetWeaver AS), or client requests for<br />
DB2 data using DB2 Connect, there are attack mechanisms, such as network sniffers, from<br />
which we require protection. In all cases, a sniffer’s attack is the result of poorly implemented<br />
network and connection authentication and authorization. For most situations, use Secure<br />
Sockets Layer (SSL) or Application Transparent Transport Layer Security (AT-TLS) to encrypt<br />
the network flows to and from DB2 10 for z/OS.<br />
Another enhancement to DB2 10 supports SSL authentication methods by using an <strong>IBM</strong><br />
Distributed Relational Database Architecture (<strong>IBM</strong> DRDA) secure port. SSL authentication<br />
methods support secure communications between clients and DB2 10.<br />
124 Running SAP Solutions with <strong>IBM</strong> DB2 10 for z/OS on the <strong>IBM</strong> zEnterprise System