ibm-information-center/dist/eclipse/plugins/i5OS.ic.ddp_5.4.0.1/rbal1secure.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security" />
<meta name="abstract" content="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects." />
<meta name="description" content="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects." />
<meta name="DC.subject" content="security, for an, iSeries, distributed relational database security, database" />
<meta name="keywords" content="security, for an, iSeries, distributed relational database security, database" />
<meta name="DC.Relation" scheme="URI" content="rbal1kickoff.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1secdb.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1exitpgms.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1objsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1sqlaut.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1adopt.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1rdbpro.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1secforadist.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbal1secure" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security</title>
</head>
<body id="rbal1secure"><a name="rbal1secure"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security</h1>
<div><p>The <span class="keyword">iSeries™ server</span> has
security elements built into the operating system to limit access to the data
resources of an application server. Security options range from simple physical
security to full password security coupled with authorization to commands
and data objects.</p>
<p>Users must be properly authorized to have access to the database whether
it is local or remote. They must also have proper authorization to collections,
tables, and other relational database objects necessary to run their application
programs. This typically means that distributed database users must have valid
user profiles for the databases they use throughout the network. Security
planning must consider user and application program needs across the network.</p>
<p>A distributed relational database administrator is faced with two security
issues to resolve:  </p>
<ul><li>System to system protection</li>
<li>Identification of users at remote sites</li>
</ul>
<p>When two or more systems are set up to access each other's databases, it
is important to make sure that the other side of the communications line is
the intended location and not an intruder. For DRDA<sup>®</sup> access to a remote relational database,
the <span class="keyword">iSeries server</span> use of Advanced
Program-to-Program Communication (APPC) and Advanced Peer-to-Peer
Networking<sup>®</sup> (APPN) communications configuration capabilities provides
options for you to do this network level security.</p>
<p>The second concern for the distributed relational database administrator
is that data security is maintained by the system that stores the data. In
a distributed relational database, the user has to be properly authorized
to have access to the database (according to the security level of the system)
whether the database is local or remote. Distributed relational database network
users must be properly identified with a user ID on the application server
(AS) for any jobs they run on the AS. Distributed
Relational Database Architecture™ (DRDA) support using both APPC/APPN and
TCP/IP communications protocols provides for the sending of user IDs and passwords
along with connection requests.</p>
<p>This topic collection discusses security topics that are related to communications
and DRDA access
to remote relational databases. It discusses the significant differences between
conversation-level security in an APPC network connection and the corresponding
level of security for a TCP/IP connection initiated by a DRDA application.
In remaining security discussions, the term <em>user</em> also includes remote
users starting communications jobs.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rbal1secdb.htm">Elements of distributed relational database security</a></strong><br />
A distributed relational database administrator needs to protect
the resources of the application servers in the network without unnecessarily
restricting access to data by <dfn class="term">application requesters (ARs)</dfn> in
the network.</li>
<li class="ulchildlink"><strong><a href="rbal1exitpgms.htm">DRDA server access control exit programs</a></strong><br />
A security feature of the Distributed
Relational Database Architecture (DRDA) server, for use with both Advanced
Program-to-Program Communication (APPC) and TCP/IP, extends the use of the
DDMACC parameter of the <span class="cmdname">Change Network Attributes (CHGNETA)</span> command
to DRDA.</li>
<li class="ulchildlink"><strong><a href="rbal1objsec.htm">Object-related security for DRDA</a></strong><br />
If the <span class="keyword">iSeries server</span> is
an application server (AS), there are two object-related levels at which security
can be enforced to control access to its relational database tables.</li>
<li class="ulchildlink"><strong><a href="rbal1sqlaut.htm">Authority to distributed relational database objects</a></strong><br />
You can use either the SQL GRANT and REVOKE statements or the control
language (CL) <span class="cmdname">Grant Object Authority (GRTOBJAUT)</span> and <span class="cmdname">Revoke
Object Authority (RVKOBJAUT)</span> commands to grant and revoke a user's
authority to relational database objects.</li>
<li class="ulchildlink"><strong><a href="rbal1adopt.htm">Programs that run under adopted authority for a distributed relational database</a></strong><br />
A distributed relational database program can run under adopted authority, which means the user adopts the program owner's authority to objects used by the program while running the program. When a program is created using the *SQL precompiler option for naming, the program runs under the program owner's user profile.</li>
<li class="ulchildlink"><strong><a href="rbal1rdbpro.htm">Protection strategies in a distributed relational database</a></strong><br />
Network security in an <span class="keyword">iSeries</span> distributed
relational database must be planned to protect critical data on any application
server (AS) from unauthorized access. But because of the distributed nature
of the relational database, security planning must ensure that availability
of data in the network is not unnecessarily restricted.</li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1kickoff.htm" title="Distributed database programming describes the distributed relational database management portion of the i5/OS licensed program. Distributed relational database management provides applications with access to data that is external to the applications and typically located across a network of computers.">Distributed database programming</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rbal1secforadist.htm" title="Part of planning for a distributed relational database involves the decisions you must make about securing distributed data.">Security considerations for a distributed relational database</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="Security" />`
			`<meta name="abstract" content="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects." />`
			`<meta name="description" content="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects." />`
			`<meta name="DC.subject" content="security, for an, iSeries, distributed relational database security, database" />`
			`<meta name="keywords" content="security, for an, iSeries, distributed relational database security, database" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1kickoff.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1secdb.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1exitpgms.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1objsec.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1sqlaut.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1adopt.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1rdbpro.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rbal1secforadist.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rbal1secure" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Security</title>`
			`</head>`
			`<body id="rbal1secure"><a name="rbal1secure"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Security</h1>`
			`<div><p>The <span class="keyword">iSeries™ server</span> has`
			`security elements built into the operating system to limit access to the data`
			`resources of an application server. Security options range from simple physical`
			`security to full password security coupled with authorization to commands`
			`and data objects.</p>`
			`<p>Users must be properly authorized to have access to the database whether`
			`it is local or remote. They must also have proper authorization to collections,`
			`tables, and other relational database objects necessary to run their application`
			`programs. This typically means that distributed database users must have valid`
			`user profiles for the databases they use throughout the network. Security`
			`planning must consider user and application program needs across the network.</p>`
			`<p>A distributed relational database administrator is faced with two security`
			`issues to resolve: </p>`
			`<ul><li>System to system protection</li>`
			`<li>Identification of users at remote sites</li>`
			`</ul>`
			`<p>When two or more systems are set up to access each other's databases, it`
			`is important to make sure that the other side of the communications line is`
			`the intended location and not an intruder. For DRDA<sup>®</sup> access to a remote relational database,`
			`the <span class="keyword">iSeries server</span> use of Advanced`
			`Program-to-Program Communication (APPC) and Advanced Peer-to-Peer`
			`Networking<sup>®</sup> (APPN) communications configuration capabilities provides`
			`options for you to do this network level security.</p>`
			`<p>The second concern for the distributed relational database administrator`
			`is that data security is maintained by the system that stores the data. In`
			`a distributed relational database, the user has to be properly authorized`
			`to have access to the database (according to the security level of the system)`
			`whether the database is local or remote. Distributed relational database network`
			`users must be properly identified with a user ID on the application server`
			`(AS) for any jobs they run on the AS. Distributed`
			`Relational Database Architecture™ (DRDA) support using both APPC/APPN and`
			`TCP/IP communications protocols provides for the sending of user IDs and passwords`
			`along with connection requests.</p>`
			`<p>This topic collection discusses security topics that are related to communications`
			`and DRDA access`
			`to remote relational databases. It discusses the significant differences between`
			`conversation-level security in an APPC network connection and the corresponding`
			`level of security for a TCP/IP connection initiated by a DRDA application.`
			`In remaining security discussions, the term <em>user</em> also includes remote`
			`users starting communications jobs.</p>`
			`</div>`
			`<div>`
			`<ul class="ullinks">`
			`<li class="ulchildlink"><strong><a href="rbal1secdb.htm">Elements of distributed relational database security</a></strong><br />`
			`A distributed relational database administrator needs to protect`
			`the resources of the application servers in the network without unnecessarily`
			`restricting access to data by <dfn class="term">application requesters (ARs)</dfn> in`
			`the network.</li>`
			`<li class="ulchildlink"><strong><a href="rbal1exitpgms.htm">DRDA server access control exit programs</a></strong><br />`
			`A security feature of the Distributed`
			`Relational Database Architecture (DRDA) server, for use with both Advanced`
			`Program-to-Program Communication (APPC) and TCP/IP, extends the use of the`
			`DDMACC parameter of the <span class="cmdname">Change Network Attributes (CHGNETA)</span> command`
			`to DRDA.</li>`
			`<li class="ulchildlink"><strong><a href="rbal1objsec.htm">Object-related security for DRDA</a></strong><br />`
			`If the <span class="keyword">iSeries server</span> is`
			`an application server (AS), there are two object-related levels at which security`
			`can be enforced to control access to its relational database tables.</li>`
			`<li class="ulchildlink"><strong><a href="rbal1sqlaut.htm">Authority to distributed relational database objects</a></strong><br />`
			`You can use either the SQL GRANT and REVOKE statements or the control`
			`language (CL) <span class="cmdname">Grant Object Authority (GRTOBJAUT)</span> and <span class="cmdname">Revoke`
			`Object Authority (RVKOBJAUT)</span> commands to grant and revoke a user's`
			`authority to relational database objects.</li>`
			`<li class="ulchildlink"><strong><a href="rbal1adopt.htm">Programs that run under adopted authority for a distributed relational database</a></strong><br />`
			`A distributed relational database program can run under adopted authority, which means the user adopts the program owner's authority to objects used by the program while running the program. When a program is created using the *SQL precompiler option for naming, the program runs under the program owner's user profile.</li>`
			`<li class="ulchildlink"><strong><a href="rbal1rdbpro.htm">Protection strategies in a distributed relational database</a></strong><br />`
			`Network security in an <span class="keyword">iSeries</span> distributed`
			`relational database must be planned to protect critical data on any application`
			`server (AS) from unauthorized access. But because of the distributed nature`
			`of the relational database, security planning must ensure that availability`
			`of data in the network is not unnecessarily restricted.</li>`
			`</ul>`

			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1kickoff.htm" title="Distributed database programming describes the distributed relational database management portion of the i5/OS licensed program. Distributed relational database management provides applications with access to data that is external to the applications and typically located across a network of computers.">Distributed database programming</a></div>`
			`</div>`
			`<div class="relref"><strong>Related reference</strong><br />`
			`<div><a href="rbal1secforadist.htm" title="Part of planning for a distributed relational database involves the decisions you must make about securing distributed data.">Security considerations for a distributed relational database</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`