Authorization and security mechanisms for data access

Authorization is an important part of controlling DB2®. The security and authorization mechanisms that control access to DB2 data are both direct and indirect.

DB2 performs direct security checks of user IDs and passwords before users gain access through DDF. All other attachment facilities require that the user authenticate with DDF before attaching to DB2. DB2 security mechanisms include specific objects, privileges on those objects, and some privileges that provide broader authority. DB2 also controls data access indirectly with authorization checks at bind time and run time for application plans and packages.

Authorization

You probably noticed references to authorization in this information. For example, you must be authorized to run SQL statements that create and alter DB2 objects. Even when users run a SELECT statement to query table information, their authorization might limit what they see. The user might see data only in a subset of columns that are defined in a view. Views provide a good variety of security controls.

Before you issue DB2 commands, run utilities, run application packages and plans, or use most other DB2 functions, you need the appropriate authorization or privilege. For example, to make changes to a table, you need authorization to access that table. A privilege allows an action on an object. For example, to insert data into a table requires the privilege to insert data.

GRANT and REVOKE statements provide access control for DB2 objects. Privileges and authorities can be granted to authorization IDs and roles in many combinations, and they can also be revoked.

You can use the RACF® component or an equivalent product to control access to DB2 objects. This is the best option if you want the z/OS® security administrator to manage access to data instead for the database administrator.

Security

Due to the need for greater data security and demands for improved corporate accountability, the federal government and certain industries have developed laws and regulations to guide many corporate processes. The expectation to comply with these laws and regulations is likely to increase in the future. DB2 for z/OS support of roles and trusted contexts help in the area of compliance by enforcing data accountability at the data level. Instead of using a single user ID for all database requests, application servers can provide an user ID with no performance penalty associated with the request.

How authorization IDs control data access
One of the ways that DB2 controls access to data is through the use of identifiers. A set of one or more DB2 identifiers, called authorization IDs, represents every process that connects to or signs on to DB2.
How authorization IDs hold privileges and authorities
DB2 controls access to its objects by using a set of privileges. Each privilege allows an action on some object.
Ways to control access to DB2 subsystems
DB2 for z/OS performs security checks to authenticate users before they gain access to DB2 data. A variety of authentication mechanisms are supported by DB2 requesters and accepted by DB2 servers.
Ways to control access to data
DB2 enables you to control data access. Access to data includes a user who is engaged in an interactive terminal session. For example, access can be from a remote server, from an IMS™ or a CICS® transaction, or from a program that runs in batch mode.
Ways to control access to DB2 objects through explicit privileges and authorities
You can control access to DB2 user data by granting, not granting, or revoking explicit privileges and authorities.
Row-level and column-level access control
You can use row-level and column-level access control to restrict access to certain types of information that require additional security.
Use of multilevel security to control access
DB2 provides a powerful security scheme called multilevel security. Multilevel security is a security policy that classifies data and users according to a system of hierarchical security levels and nonhierarchical security categories.
Use of views to control access
The table privileges DELETE, INSERT, SELECT, and UPDATE can also be granted on a view. By creating a view and granting privileges on it, you can give an ID access to only a specific subset of data. This capability is sometimes called field-level access control or field-level sensitivity.
Use of grant and revoke privileges to control access
The SQL GRANT statement lets you grant explicit privileges to authorization IDs. The REVOKE statement lets you take them away. Only a privilege that has been explicitly granted can be revoked.

Parent topic: Management of DB2 operations

Related concepts:

DB2 and the z/OS Security Server