Db2 is a bit unusual among RDBMSes in that it does not perform authentication. No matter what, you need some external authority to perform authentication. Usually that is either the OS or LDAP, though there are other options. If using…
Purpose To list the database authorities held by an ID or group – authorities, not privileges. This information is not available in sysibmadm.privileges. The format of syscat.dbauth has columns with ‘Y’ or ‘N’ in them, and reading that quickly to…
Edit: 01/23/2018 – corrected one word not in an SQL statement. I have written several other articles on security and permissions, but I thought I would write one from a purely practical perspective. If you don’t understand the basics of…
Some applications are really good at continually trying to re-establish connections to a database. This can be useful when I want to quickly bounce the database and have the app reconnect without also having to bounce the app. It is…
Updated 13 September 2016 to use more correct wording around how and when the access plan is generated and reused. As a new DB2 for LUW DBA or developer it can take a while to understand the difference between static…
I get it. The database server is a single point in many environments that have many points at most levels. Therefore any problem that affects more than one point must be the database. As DBAs, sometimes we feel the database…
Like any software, DB2 requires frequent patching. A database should be one of the most secure parts of any enterprise, and keeping it secure means keeping up with the fixes that are delivered in fix packs. Fix Packs DB2 delivers…
This post is not meant to be a comprehensive coverage of security, but an overview such that those newer to DB2 know what areas they may want to research further. Users, Authentication, and Authorization I’ve already covered this in some…
I’ve recently implemented native encryption for a small database on a server that is somewhat oversized on CPU and memory. One of the things I noticed after encrypting my database was both increased backup duration and increased backup size. Backup…
With fixpack 5 of DB2 10.5, IBM introduced Native Encryption for data at rest in DB2. This is a fairly significant new feature for introduction in a fixpack. It does require separate licensing – either the Advanced Edition of ESE…
To go with my recent article on RCAC/FGAC, I thought I would do some similar work using LBAC and see what I could learn about it and the differences between the two. What is LBAC Label Based Access Control essentially…
DB2 10.1 introduced a new feature commonly called RCAC (Row and Column Access Control) or FGAC(Fine-Grained Access Control). This is a bit less labor intensive to support than LBAC (Label Based Access Control), and solves some of the problems with…