ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvplandbfilesec.htm

49 lines
5.1 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan database file security" />
<meta name="abstract" content="This topic discusses the steps necessary to create a security plan for your database files." />
<meta name="description" content="This topic discusses the steps necessary to create a security plan for your database files." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanrscsec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="plandbfilesec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan database file security</title>
</head>
<body id="plandbfilesec"><a name="plandbfilesec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan database file security</h1>
<div><p>This topic discusses the steps necessary to create a security plan for your database files.</p>
<p>Structured Query Language (SQL) uses cross-reference files to keep track of database files and their relationships. These files are collectively referred to as the SQL catalog. Public authority to the SQL catalog is *READ. This means that any user who has access to the SQL interface can display the names and text descriptions for all files on your system. The SQL catalog does not affect the normal authority required to access the contents of database files.</p>
<p>Care should be taken when using a CL program that adopts authority to start SQL or Query Manager. Both of these query programs allow users to specify a file name. The user can, therefore, access any file that the adopted profile has authority to.</p>
<p><span class="uicontrol">Planning File Security</span></p>
<p>The information contained in database files is usually the most important asset on your system. Resource security allows you to control who can view, change, and delete information in a file. If users require different authority to files depending on the situation, you can use adopted authority. For critical files on your system, keep a record of what users have authority to the file.</p>
<p>If you use group authority and authorization lists, you need to keep track of users who have authority through those methods, as well as users who are directly authorized. If you use adopted authority, you can list programs that adopt the authority of a particular user using the Display Program Adopt (DSPPGMADP) command.</p>
<p>You can also use the journaling function on the system to monitor activity against a critical file. Although the primary intent of a journal is to recover information, it can be used as a security tool. It contains a record of who has accessed a file and in what way. You can use the Display Journal (DSPJRN) command to view a sampling of journal entries periodically.</p>
<p><span class="uicontrol">Securing Logical Files</span> </p>
<p>Resource security on the system supports field-level security of a file. You can also use logical files to protect specific fields or records in a file. A logical file can be used to specify a subset of records that a user can access (by using select and omit logic). Therefore, specific users can be prevented from accessing certain record types.</p>
<p>A logical file can be used to specify a subset of fields in a record that a user can access. Therefore, specific users can be prevented from accessing certain fields in a record. A logical file does not contain any data. It is a particular view of one or more physical files that contain the data. Providing access to the information defined by a logical file requires data authority to both the logical file and the associated physical files.</p>
<p></p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanrscsec.htm" title="This topic describes each of the components of resource security and how they all work together to protect information on your system. It also explains how to use CL commands and displays to set up resource security on your system.">Plan resource security</a></div>
</div>
</div>
</body>
</html>