Team with the best
Db2® LUW Performance Tools
company in the World

DB2 LUW Security -- Be Kind to your SECADM (Part 1)

November 5, 2009, 9:55 pm
Posted by bond in General
Here's a tip....just before your shop upgrades to (or installs) DB2 9.7, run to the nearest Coffee Shop, grab a Vanilla Latte and a Cookie and place the Latte gently in front of your SECADM, along with a list of the new SECADM responsibilities that will be necessary after the upgrade.

I promised in an earlier post that I'd share thoughts on how to keep your SECADM from quitting when you upgrade to 9.7. But, if the Latte and cookie approach doesn't work, then you're on your own. (I'm kidding...there's more)

DB2 DBAs...we're used to being overwhelmed. We don't necessarily like it, but we're used to it. Remember when 9.1 first came out? If you had an opportunity to be the SECADM and give up your other tasks, what would you have said then? Seemed like a cushy job at the time. The biggest task appeared to be setting up LBAC, but once that setup was complete, life would not be rough....no late hours...no 2 AM panic calls...and then..

Version 9.5....some new tasks (audit responsibilities for one), but still the tasks were manageable, plus ROLES were a big help.

And now...we stand at the threshold of 9.7...getting ready to install it...and

Did you give the SECADM the Latte yet ? 

As it says in the documentation, SECADM "abilities have been extended". The easy, breezy life of the SECADM is facing a hurricane. Sounds ominous, but rope your SECADM to the chair until the Latte is finished (and then pull out the cookie as backup) and let's approach this CALMLY.

In DB2 V9.7:

  • SECADM can grant and revoke all authorities and privileges, including DBADM and .... (read carefully) .... > SECADM.
  • SECADM can GRANT SECADM authority to ROLES and GROUPS (here is where your SECADM's eyes start to twinkle)
  • The SECADM can DELEGATE running the audit stored procedures and table functions to ANOTHER user by granting EXECUTE privilege (is the SECADM beginning to smile? )

AND......

  • ACCESSCTRL authority can be given to another user so that THEY can grant and revoke authorities and privileges (except SECADM, DBADM, ACCESSCTRL and DATAACCESS)

So, it would appear that your SECADM can easily share with others.

Thanks to the Latte, cookie and a calm approach, disaster was averted....for now...

Tune in to PART TWO, when I share my thoughts on how important your Security Controls are going to be as you approach this new Security Model (bring your own latte).

I WELCOME YOUR EMAILS TO:

db2locksmith at securedb2.com

Printer friendly   

Explore

Home
Products
Licensing
Services
Testimonials
Events
Downloads

Just for you

For DBAs
For Executives
For IT Managers
For Systems Integrators
Join the Top 1 percent
Do your due diligence
Free DB2 Performance Tools

Business

Cloud Computing
Customer Satisfaction
Customer References Employee Productivity
Maximizing Profitability
GREEN IT/Saving Energy
Return on Investment (ROI)

Operations

Achieving SLAs
Infrastructure Costs
Stability & Reliability
SQL Server Performance
Rapid Problem Resolution
Performance Optimization
Improving Response Times

The team

About
Contact
Support
News
Legal
Privacy
Sitemap

Share
Copyright © 2005–2024 All rights reserved.
3rd Millennium, Inc. - 125 Cambridge Park Drive, Suite 301 - Cambridge, MA 02140 USA