IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 48

Administrator Getting the most from your systems DB2 9 Features Help Ensure Compliance BY JIM PICKEL s everyone is aware, regulations such as the Sarbanes-Oxley Act are requiring corporate executives to provide and ensure increased levels of financial and operational discipline. To help comply with these laws, most enterprises are implementing new measures that cross financialreporting boundaries and processes, which in turn impacts internal business and computing operations. Privacy regulations such as those imposed by HIPAA create operational discipline on a company’s IT operations that have similar impact. This article describes how new features in DB2* 9 for z/OS* can help ensure data compliance by allowing more accountability through the use of better identity controls and improved auditing capabilities. The most common view of compliance relates to people: who can access which systems and what data, what can they do with those systems and what happens when someone owns access to data and then leaves. Users perform many tasks when they access information systems. Each of these tasks can be viewed as a role the user plays. A user’s capability to access systems and manipulate data is typically a function of the user’s role. When an enterprise defines roles, creates objects owned by roles (not users), assigns privileges to roles and then defines which users and which roles can be used by an application, it can enforce internal business policies, audit user access and provide separation of duties within their DB2 systems, which, in fact, own and control access to the data. 48 M AY/J U N E 2 0 0 9 ibms ystemsmag .com/mai nframe A Roles and Trusted Context A role is a database entity that groups together one or more privileges. It may also own database objects, eliminating the need for individual users to own and control database objects. A role is assigned to a user when an application accesses DB2 on the behalf of that user within a trusted context. It then provides privileges in addition to the current set of privileges granted to the primar y and secondar y au t hor i z at ion I D s . W he n t he u s e r e x it s t he application, the user no longer has that role and thus has none of the associated privileges. A role can only be assigned to a user or a group of users through a trusted context. A trusted context is a new database object that an administrator can create. It provides the capability to establish a trust relationship between DB2 and external entities such as applications. When an external entity establishes a connection to DB2, the database evaluates a series of trust attributes to determine if that external entity and its connection can be associated with a unique trusted context. Generally, a single user controls most application servers accessing DB2, and that user’s ID is entered for all DB2 access. This approach has many operational benefits. Having all interactions with DB2 under a single user eases access control, but it also eliminates any user accountability and any way to enforce internal business policies. Such access is potentially a compliance problem since many regulations require the capability to know who issued accesses or modified data on DB2.

IBM Systems Magazine, Mainframe digital edition - May/June 2009

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe digital edition - May/June 2009

IBM Systems Magazine, Mainframe digital edition - May/June 2009
Table of Contents
Editor's Desk:  High-Flying Security
Trends:  IBM Cognos 8 BI for Linux on System z Makes Reliable Data Available Anywhere
IT Today:  New System x and BladeCenter Servers Help Your Organization Reach Its Goals
Focus on Storage: Virtual Tape Facility for MainframeJoins IBM Arsenal
Q & A:  Hybrid Technology Takes Supercomputing Beyond Moore’s Law
Case Study:  The City and County of Honolulu Allows Its Applications to Dictate the Platforms on Which They Run
Cover Story:  IBM’s z/VM is a Proven Solution for Today’s IT Environments
Feature:  IBM’s Dynamic Infrastructure Helps Companies Reduce Costs, Manage Risks and Improve Services
Administrator:  DB2 9 Features Help Ensure Compliance
Product News
Advertiser Index
Stop Run:  Barry Merrill’s Accidental DiscoveriesEnhance the Mainframe
Reference Point
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - IBM Systems Magazine, Mainframe digital edition - May/June 2009
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover2
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 1
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Table of Contents
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 3
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 4
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 5
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 6
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 7
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Editor's Desk:  High-Flying Security
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 9
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Trends:  IBM Cognos 8 BI for Linux on System z Makes Reliable Data Available Anywhere
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 11
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 12
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 13
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - IT Today:  New System x and BladeCenter Servers Help Your Organization Reach Its Goals
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 15
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 16
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 17
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 18
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 19
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Focus on Storage: Virtual Tape Facility for MainframeJoins IBM Arsenal
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 21
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 22
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 23
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Q & A:  Hybrid Technology Takes Supercomputing Beyond Moore’s Law
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 25
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 26
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 27
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Case Study:  The City and County of Honolulu Allows Its Applications to Dictate the Platforms on Which They Run
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 29
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 30
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 31
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover Story:  IBM’s z/VM is a Proven Solution for Today’s IT Environments
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 33
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 34
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 35
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 36
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 37
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 38
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 39
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Feature:  IBM’s Dynamic Infrastructure Helps Companies Reduce Costs, Manage Risks and Improve Services
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 41
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 42
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 43
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 44
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 45
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 46
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 47
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Administrator:  DB2 9 Features Help Ensure Compliance
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 49
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 50
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 51
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Product News
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 53
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 54
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Advertiser Index
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Stop Run:  Barry Merrill’s Accidental DiscoveriesEnhance the Mainframe
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover3
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Cover4
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - Reference Point
IBM Systems Magazine, Mainframe digital edition - May/June 2009 - RF2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
http://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
http://www.nxtbook.com/nxtbooks/mspcomm/ibmsystems_mainframe_200901
http://www.nxtbookMEDIA.com