121 lines
8.8 KiB
HTML
121 lines
8.8 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Security" />
|
|
<meta name="abstract" content="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects." />
|
|
<meta name="description" content="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects." />
|
|
<meta name="DC.subject" content="security, for an, iSeries, distributed relational database security, database" />
|
|
<meta name="keywords" content="security, for an, iSeries, distributed relational database security, database" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1kickoff.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1secdb.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1exitpgms.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1objsec.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1sqlaut.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1adopt.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1rdbpro.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rbal1secforadist.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rbal1secure" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Security</title>
|
|
</head>
|
|
<body id="rbal1secure"><a name="rbal1secure"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Security</h1>
|
|
<div><p>The <span class="keyword">iSeries™ server</span> has
|
|
security elements built into the operating system to limit access to the data
|
|
resources of an application server. Security options range from simple physical
|
|
security to full password security coupled with authorization to commands
|
|
and data objects.</p>
|
|
<p>Users must be properly authorized to have access to the database whether
|
|
it is local or remote. They must also have proper authorization to collections,
|
|
tables, and other relational database objects necessary to run their application
|
|
programs. This typically means that distributed database users must have valid
|
|
user profiles for the databases they use throughout the network. Security
|
|
planning must consider user and application program needs across the network.</p>
|
|
<p>A distributed relational database administrator is faced with two security
|
|
issues to resolve: </p>
|
|
<ul><li>System to system protection</li>
|
|
<li>Identification of users at remote sites</li>
|
|
</ul>
|
|
<p>When two or more systems are set up to access each other's databases, it
|
|
is important to make sure that the other side of the communications line is
|
|
the intended location and not an intruder. For DRDA<sup>®</sup> access to a remote relational database,
|
|
the <span class="keyword">iSeries server</span> use of Advanced
|
|
Program-to-Program Communication (APPC) and Advanced Peer-to-Peer
|
|
Networking<sup>®</sup> (APPN) communications configuration capabilities provides
|
|
options for you to do this network level security.</p>
|
|
<p>The second concern for the distributed relational database administrator
|
|
is that data security is maintained by the system that stores the data. In
|
|
a distributed relational database, the user has to be properly authorized
|
|
to have access to the database (according to the security level of the system)
|
|
whether the database is local or remote. Distributed relational database network
|
|
users must be properly identified with a user ID on the application server
|
|
(AS) for any jobs they run on the AS. Distributed
|
|
Relational Database Architecture™ (DRDA) support using both APPC/APPN and
|
|
TCP/IP communications protocols provides for the sending of user IDs and passwords
|
|
along with connection requests.</p>
|
|
<p>This topic collection discusses security topics that are related to communications
|
|
and DRDA access
|
|
to remote relational databases. It discusses the significant differences between
|
|
conversation-level security in an APPC network connection and the corresponding
|
|
level of security for a TCP/IP connection initiated by a DRDA application.
|
|
In remaining security discussions, the term <em>user</em> also includes remote
|
|
users starting communications jobs.</p>
|
|
</div>
|
|
<div>
|
|
<ul class="ullinks">
|
|
<li class="ulchildlink"><strong><a href="rbal1secdb.htm">Elements of distributed relational database security</a></strong><br />
|
|
A distributed relational database administrator needs to protect
|
|
the resources of the application servers in the network without unnecessarily
|
|
restricting access to data by <dfn class="term">application requesters (ARs)</dfn> in
|
|
the network.</li>
|
|
<li class="ulchildlink"><strong><a href="rbal1exitpgms.htm">DRDA server access control exit programs</a></strong><br />
|
|
A security feature of the Distributed
|
|
Relational Database Architecture (DRDA) server, for use with both Advanced
|
|
Program-to-Program Communication (APPC) and TCP/IP, extends the use of the
|
|
DDMACC parameter of the <span class="cmdname">Change Network Attributes (CHGNETA)</span> command
|
|
to DRDA.</li>
|
|
<li class="ulchildlink"><strong><a href="rbal1objsec.htm">Object-related security for DRDA</a></strong><br />
|
|
If the <span class="keyword">iSeries server</span> is
|
|
an application server (AS), there are two object-related levels at which security
|
|
can be enforced to control access to its relational database tables.</li>
|
|
<li class="ulchildlink"><strong><a href="rbal1sqlaut.htm">Authority to distributed relational database objects</a></strong><br />
|
|
You can use either the SQL GRANT and REVOKE statements or the control
|
|
language (CL) <span class="cmdname">Grant Object Authority (GRTOBJAUT)</span> and <span class="cmdname">Revoke
|
|
Object Authority (RVKOBJAUT)</span> commands to grant and revoke a user's
|
|
authority to relational database objects.</li>
|
|
<li class="ulchildlink"><strong><a href="rbal1adopt.htm">Programs that run under adopted authority for a distributed relational database</a></strong><br />
|
|
A distributed relational database program can run under adopted authority, which means the user adopts the program owner's authority to objects used by the program while running the program. When a program is created using the *SQL precompiler option for naming, the program runs under the program owner's user profile.</li>
|
|
<li class="ulchildlink"><strong><a href="rbal1rdbpro.htm">Protection strategies in a distributed relational database</a></strong><br />
|
|
Network security in an <span class="keyword">iSeries</span> distributed
|
|
relational database must be planned to protect critical data on any application
|
|
server (AS) from unauthorized access. But because of the distributed nature
|
|
of the relational database, security planning must ensure that availability
|
|
of data in the network is not unnecessarily restricted.</li>
|
|
</ul>
|
|
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1kickoff.htm" title="Distributed database programming describes the distributed relational database management portion of the i5/OS licensed program. Distributed relational database management provides applications with access to data that is external to the applications and typically located across a network of computers.">Distributed database programming</a></div>
|
|
</div>
|
|
<div class="relref"><strong>Related reference</strong><br />
|
|
<div><a href="rbal1secforadist.htm" title="Part of planning for a distributed relational database involves the decisions you must make about securing distributed data.">Security considerations for a distributed relational database</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |