About this course

Course code TPDSR
Duration 1 Day

DB2 for z/OS security has historically been performed using an external security product such as RACF to secure the system, while access to DB2 objects and data was controlled using DB2 internal security.

However now more and more organisations are using RACF to control all aspects of DB2 security - both at the system and data levels.

This intensive, one-day course shows exactly how this may be achieved.

This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.

Prerequisites

A working knowledge of RACF and an understanding of DB2 for z/OS at a conceptual & terminological level.

Delegates will learn how to

  • describe DB2 security
  • understand terminology used with DB2 security
  • use and structure DB2 security tables
  • use primary, secondary, and CURRENT SQLID authorisation IDs used by DB2
  • use SQL to control security using the GRANT and REVOKE statements
  • describe the meaning of explicit, implicit, composite and grouped privileges
  • explain ownership considerations with regard to DB2 objects
  • control DB2 address space and data set authorisation using RACF
  • use RACF to control access to DB2 objects
  • describe the new RACF classes for DB2 objects
  • create RACF profiles for DB2 objects
  • understand the additional considerations when using DB2 in a distributed environment.

Outline

Introduction to DB2 Security

Security overview; Sign-on security; Connection security; DB2 internal security; Other options; Security strategy (Transaction Manager or DB2); Security strategy (centralised or decentralised); Using remote applications.

Internal DB2 Security

DB2 security; DB2 security mechanism; DB2 security tables; Security terms; Authorisation ID; Privilege; Resource; Primary and Secondary Authorisation IDs; Maintaining security; Data Control Language; Grouped privileges; Explicit & implicit privileges; Ownership considerations; Static and Dynamic SQL; Static SQL considerations; Dynamic SQL considerations; DB2 security disadvantages.

Data Control Language & Privileges

SQL GRANT and REVOKE statements; Cascading REVOKE; Package, plan & collection privileges; Database, table, & view privileges; Other object privileges; System privileges; DCL examples: application development, Bind, program execution; Insufficient authority.

DB2 Security Reporting and Auditing

DB2 catalog security tables; Common table columns; Security tables 1 - 4; Auditing tables; Audit trace.

RACF Security Overview

What is RACF?; Identifying and verifying users; Checking authorisations; Recording and reporting; Terminology - users and groups; Terminology - resources and classes; Terminology - profiles; User profile; Resource Profile; Discrete and generic profiles; Creating Generic Profiles; Maintaining RACF Security.

Defining the DB2 Subsystem to RACF

Address space authorisation; Protected access profiles; RACF router table; DB2 address spaces; Permitting RACF access; Protecting DB2 data sets - create profiles; Protecting DB2 data sets - permitting access.

Defining DB2 Objects to RACF

Native DB2 security; DB2 with RACF; RACF / DB2 external security module; Installation; Mapping DB2 authorisation checks; Scope of RACF classes; Multi-subsystem scope classes; Single subsystem scope classes; Customisation; DB2 objects and RACF classes; Profiles; Privileges - buffer pools, storage groups & tablespaces; Privileges - DB2 system; Privileges - database and schema; Privileges - tables, views, indexes and user-defined functions; Privileges - collection, plan and package; Privileges - distinct types, sequences and stored procedures; Privileges - administrative authorities; Insufficient authority; Migration tools.

Further DB2 Security Techniques

Multi-level security overview; Security labels; Row level granularity; Multi-level security and SELECT; Multi-level security and INSERT; Multi-level security and UPDATE; Multi-level security and DELETE; Multi-level security and utilities; Row and column access control; row permissions; column masks.

Distributed Data Considerations

Distributed Data overview; DDF components; Communications tables; Security actions (client); Security actions (server with SNA client); Security actions (server with TCP/IP client).

Training delivered by an IBM Global Training Provider
Delivery method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Find dates and prices

Online booking is currently not available for this course. To find out more, please call us on 0345 074 7998 or email us at info@qa.com to discuss how we can help.

All third party trademark rights acknowledged.