Security
Authorizing users to data at the system and data levels allows you to control access to your database.
Securing your database requires you to establish ownership and public authority to objects and specific authority to your applications.
- Controlling DDM and DRDA access
A security feature of the Distributed Relational Database Architecture (DRDA) server, for use with both Advanced Program-to-Program Communication (APPC) and TCP/IP, extends the use of the DDMACC parameter of the Change Network Attributes (CHGNETA) command to DRDA.
- Granting object and data authority
DB2 UDB for iSeries provides several methods to grant file and data authority.
- Limiting access to specific fields of a database file
You can restrict update and read requests to the specific fields in a database file.
- Specifying public authority
Public authority is given to users who do not have any specific authority to an object, who are not on the authorization list of the object, or whose group profile has no specific authority to the object. When you create a file, you can specify and grant public authority.
- Using database file capabilities to control I/O operations
When you create a physical file, you can specify that the file capabilities control which input/output (I/O) operations are allowed for the file, independent of database file authority.
- Using logical files to secure data
You can use logical files to prevent data in physical files from being read or changed.
Parent topic:
Administration
Related concepts
Security