DB2 Server for VM: System Administration

Chapter 6. Maintaining Database Security

This chapter discusses the methods available for protecting the information in a database:

• Communications and system security

  The security mechanisms to restrict unauthorized access to the database:

  • Session-level security

    The VTAM product supports a security exchange between two partner logical units (LUs) that are attempting to establish a session with each other. This security exchange is called partner LU verification.

  • Conversation-level security

    The APPC/VM communications allow an application requester to specify one of the following levels of conversation security when it is trying to connect to the application server:

    • SAME
    • PGM
  • VM directory control statements

    Use these statements to control the ability of an application requester to communicate with the application server.

  • User ID translation

    Because the application server cannot differentiate between identical user IDs from local and remote systems, the ability to translate inbound user IDs to locally known ones can eliminate duplicate user IDs and avoid potential security-related problems.

  • Minidisk protection

    Use the guidelines in this section to protect your database minidisks against unauthorized access.

• CMS restrictions

  Certain CMS file manipulation commands must not be used on database files because they can render the database useless.

• System and DB2 Server for VM operator console considerations

  The integrity and security of your database can be threatened if unauthorized persons have access to the console. This section discusses how to use the CP DISCONN command to restrict console access.

• Access control to ISQL on a VSE guest

  If VSE guest users use ISQL to access an application server on a VM/ESA operating system, you may want to limit their access.