DB2 Universal Database Security
Nine percent (9%) of the DB2 UDB V8.1 Family Fundamentals certification exam (Exam 700) is designed to test your knowledge about the mechanisms DB2 Universal Database uses to protect data and database objects against unauthorized access and modification. The questions that make up this portion of the exam are intended to evaluate the following:
- Your ability to identify the methods that can be used to restrict access to data stored in a DB2 UDB database.
- Your ability to identify each authorization level used by DB2 UDB.
- Your ability to identify each privilege used by DB2 UDB.
- Your ability to identify how specific authorizations and/or privileges are given to a user.
This chapter is designed to introduce you to the various authorization levels and privileges that are available with DB2 Universal Database and to the tools that are used to give or revoke one or more authorizations/privileges to users and groups.
Terms you will learn:
- Authentication
- Authentication Type
- Kerberos
- Trusted Client
- Untrusted Client
- Authorities
- Privileges
- System Administrator authority
- System Control authority
- System Maintenance authority
- Database Administrator authority
- Load authority
- Database Privileges
- Object Privileges
- GRANT
- REVOKE
Techniques you will master:
- Understanding how users are authenticated and how to control where authentication takes place.
- Understanding how DB2 Universal Database controls data access through a wide variety of authorities and privileges.
- Understanding the differences between authorities and privileges, and knowing how they complement each other to protect data.
- Recognizing the types of authorities available and knowing what each one allows a user to do.
- Recognizing the types of privileges available and knowing what each one allows a user to do.
- Understanding how authorities can be given to (granted) or taken away from (revoked) users and groups.
- Understanding how privileges can be given to (granted) or taken away from (revoked) users and groups.
Controlling Database Access
It has been said that one of the fastest growing crimes in America today is an act known as “identity theft.” By obtaining the right information, an identity thief can borrow large amounts of money or make expensive purchases in someone else's name, leaving that individual in alarming financial shape. So, just where can this information, which should be closely guarded, be found? Chances are it has been collected and entered into somebody's database. (Think about the paperwork you had to fill out the last time you started a new job, opened a new bank account, or bought a new car. More likely than not, the information you provided on that paperwork—information that identifies who you are—was transferred to a database for future use.)
Every database management system must be able to protect data against unauthorized access and/or modification. DB2 Universal Database uses a combination of external security services and internal access control mechanisms to perform this vital task. In most cases, three different levels of security are employed: The first level controls access to the instance a database was created under, the second controls access to the database itself, and the third controls access to the data and data objects that reside within the database.