Business problem
Due to increasing security concerns and government regulations, J.K.Avro superstore is
looking for greater control in managing user privileges and authorities. Currently, one user performs all the database
administration tasks, which might lead to data theft due to misuse of privileges.
Operation
To be compliant with the PCI requirements "Protect Stored Cardholder Data" and "Assign a unique ID to each person with computer access",
J.K.Avro superstore makes use of the fundamental concepts of DB2 security: authentication and authorization.
Solution
To have greater control over access to the database, JK superstore decides to enforce separation of duties using DB2 authorities and privileges.
Separation of duties allows database administration tasks to be given to different users, so that each user is granted only the least privileges needed.
Different levels of authorization allow authenticated users to perform certain types of operations on the database.
This tutorial demonstrates how DB2 security features address the above problem. The following security features are used:
1. Grant/revoke authorities, grant/revoke privileges
2. Separation of duties between administrators
3. Least privileges to users
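
The three features listed above, combined in one sequence of statements. This is an added example, not part of the original tutorial. The user names (ALLADMIN, SECMGR, DBOPS, CLERK1) and the table STORE.CARDHOLDER are hypothetical, and the example assumes DB2 9.7 or later, where DBADM can be granted without data access and access control.

```sql
-- Added example: all user names and the table STORE.CARDHOLDER are hypothetical.
-- Assumes DB2 9.7 or later and a database that was not created RESTRICTIVE.

-- Step 1: run as ALLADMIN, the single user who currently performs every
-- administration task (assumed to hold SECADM as the database creator).
-- Hand security administration to a dedicated user.
GRANT CONNECT ON DATABASE TO USER SECMGR, USER DBOPS, USER CLERK1;
GRANT SECADM ON DATABASE TO USER SECMGR;

-- Step 2: run as SECMGR from here on.
-- The database administrator can manage objects but can neither read
-- table data (no DATAACCESS) nor grant privileges (no ACCESSCTRL).
GRANT DBADM WITHOUT DATAACCESS WITHOUT ACCESSCTRL ON DATABASE TO USER DBOPS;

-- Step 3: the application user receives only the table privileges it needs.
GRANT SELECT, INSERT ON TABLE STORE.CARDHOLDER TO USER CLERK1;

-- Step 4: remove the combined authorities from the former all-in-one
-- administrator. DATAACCESS and ACCESSCTRL are named explicitly because
-- revoking DBADM alone leaves them in place.
-- (Assumes ALLADMIN holds all four; DB2 rejects a revoke of an authority
-- the user does not hold.)
REVOKE DBADM, DATAACCESS, ACCESSCTRL, SECADM ON DATABASE FROM USER ALLADMIN;

-- Step 5: remove the database authorities PUBLIC receives by default,
-- so that access exists only where it was granted explicitly.
REVOKE CONNECT, CREATETAB, BINDADD, IMPLICIT_SCHEMA ON DATABASE FROM PUBLIC;

-- Step 6: verify the split. Each administrator should show 'Y' only in
-- the columns that match the assigned duty.
SELECT GRANTEE, DBADMAUTH, SECURITYADMAUTH, DATAACCESSAUTH, ACCESSCTRLAUTH
FROM SYSCAT.DBAUTH
ORDER BY GRANTEE;

-- Verify the table privileges held on the cardholder table.
SELECT GRANTEE, SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH, CONTROLAUTH
FROM SYSCAT.TABAUTH
WHERE TABSCHEMA = 'STORE' AND TABNAME = 'CARDHOLDER';
```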