IBM Systems Magazine, Mainframe digital edition - May/June 2009 - 50

Administrator

With these capabilities, security administrators can create database-administrator procedures that can be audited and protected.

access security-zone names that contain the IP address in the Resource Access Control Facility (RACF*) SERVAUTH class. Alternatively, a connection attribute can be a JOBNAME. For example, for RRSAF, it's the started task job or started task name. For the time-sharing option (TSO), it's the TSO logon ID. For BATCH, it's the job name on the JOB statement.

Acquiring Context-Specific Privileges Using Roles

The current DB2 security model treats the authorization ID privileges as universally applicable, irrespective of the context of the action. The lack of control of when a privilege is available to a user can weaken overall security, since the privilege may be used for purposes other than those originally intended. For example, if an authorization ID is granted SELECT privilege on the payroll table, that authorization ID could exercise that privilege regardless of how it gains access to the table. However, a company could desire, for better security, to grant SELECT privilege on the payroll table to an authorization ID only when it's connected from a computer located inside the company offices.

Roles should provide added flexibility and greatly simplify authorization management while providing an opportunity for system administrators to control access to enterprise objects within their enterprise's structure. New SQL statements allow an administrator to define or drop a role. To create a role and a trusted context with default role assigned:

    CREATE ROLE CTXROLE;
    CREATE TRUSTED CONTEXT CTX1
      BASED UPON CONNECTION USING SYSTEM AUTHID WASADM1
      ADDRESS '9.26.113.204'
      DEFAULT ROLE CTXROLE;

Alternatively, you don't have to define the explicit list of users in the trusted context; you can use an EXTERNAL SECURITY PROFILE to control the list of users through RACF.

To support roles in trusted context, DB2 extends the GRANT and REVOKE statements to add roles to the list of authorization names to which privileges are granted and revoked. One or more privileges can be granted to a role. For example:

    GRANT SELECT ON T1 TO ROLE ROLE1;
    GRANT BIND ON PLAN DSN9PLN TO ROLE ROLE1;

Using a Trusted Connection for a Different User

Once a trusted connection is established, DB2 allows different users to utilize the trusted connection, without the need to authenticate the new user. To allow a trusted connection to be used by different users, the administrator adds users to the list of users associated with the trusted context. After the application commits a transaction, it can request that a different user be associated with the current connection, which eliminates the need for the connection to be disconnected and a new connection to be established. If no users are provided for a context or the user isn't found in the allowed list of users, then the current user isn't allowed access and receives an error. An example of defining a trusted context to allow an application to use a connection on behalf of another user is:

    CREATE TRUSTED CONTEXT CTX1
      BASED UPON CONNECTION USING SYSTEM AUTHID WASADM1
      ADDRESS '9.26.113.204'
      DEFAULT ROLE CTXROLE
      ALLOW USER JOE ROLE JROLE;
    CREATE TRUSTED CONTEXT CTX2
      BASED UPON CONNECTION USING SYSTEM AUTHID WASADM2
      ADDRESS '9.26.113.204'
      DEFAULT ROLE CTXROLE
      ALLOW USER *;

Creating a Role-Owned DB2 Object

DB2 allows objects to be created using role privileges in a trusted context. Changing the role on a context or for a user shouldn't have any impact on the objects created using it. Also, enabling or disabling a trusted context doesn't affect these objects. However, these objects created using role privileges within a trusted context don't prevent the object owner's access to the object outside the trusted context. For example, suppose role R1 has been assigned to some trusted context that isn't defined and objects are owned by the role. Further, suppose this trusted context could use a trusted connection under user "Bob." Bob can create a view that's dependent on a privilege held by role R1. Since Bob owns the object and not the role, Bob will have access to the view, even outside the trusted context.
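The payroll scenario, user switching and role ownership described above, written out as an added example that is not part of the article. The article's statements are abbreviated; this sketch assumes the DB2 9 for z/OS clause names (ATTRIBUTES, ENABLE, WITH USE FOR, WITH ROLE AS OBJECT OWNER) and the catalog tables SYSIBM.SYSCONTEXT and SYSIBM.SYSCTXTTRUSTATTRS, which should be confirmed against the SQL reference for your release. PAYROLL_RD, PAYROLL_CTX, HR.PAYROLL, MARY and the address 192.0.2.10 are made-up names.

```sql
-- Added example; all object names and the IP address are hypothetical.

-- 1. The privilege is granted to a role, not to an authorization ID,
--    so no user holds it over an ordinary connection.
CREATE ROLE PAYROLL_RD;
GRANT SELECT ON HR.PAYROLL TO ROLE PAYROLL_RD;

-- 2. The role is acquired only when WASADM1 connects from the
--    in-office application server address.
--    JOE and MARY may be switched in on the same connection, but
--    each must authenticate. There is no PUBLIC entry, so a switch
--    to any other user is rejected with an error.
--    WITH ROLE AS OBJECT OWNER makes the role, not the user, the
--    owner of objects created in the context, which closes the
--    "Bob owns the view outside the context" case.
CREATE TRUSTED CONTEXT PAYROLL_CTX
  BASED UPON CONNECTION USING SYSTEM AUTHID WASADM1
  ATTRIBUTES (ADDRESS '192.0.2.10')
  DEFAULT ROLE PAYROLL_RD WITH ROLE AS OBJECT OWNER
  ENABLE
  WITH USE FOR JOE  WITH AUTHENTICATION,
               MARY WITH AUTHENTICATION;

-- 3. Review query for auditors: every enabled trusted context with
--    the settings that widen access (use by PUBLIC, whether PUBLIC
--    must authenticate, who owns created objects) and the
--    connection attributes that define where it is trusted.
--    Catalog table and column names are assumptions to verify.
SELECT C.NAME,
       C.SYSTEMAUTHID,
       C.DEFAULTROLE,
       C.ALLOWPUBLIC,
       C.AUTHENTICATEPUBLIC,
       C.OBJECTOWNERTYPE,
       A.NAME  AS ATTR_NAME,
       A.VALUE AS ATTR_VALUE
  FROM SYSIBM.SYSCONTEXT C
  LEFT JOIN SYSIBM.SYSCTXTTRUSTATTRS A
    ON A.CONTEXTID = C.CONTEXTID
 WHERE C.ENABLED = 'Y'
 ORDER BY C.NAME, A.NAME;
```

A context that appears in the review query with no ADDRESS or JOBNAME attribute row is trusted wherever its system authorization ID connects from, so it deserves a closer look.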

Table of Contents for the Digital Edition of IBM Systems Magazine, Mainframe digital edition - May/June 2009

Editor's Desk:  High-Flying Security
Trends:  IBM Cognos 8 BI for Linux on System z Makes Reliable Data Available Anywhere
IT Today:  New System x and BladeCenter Servers Help Your Organization Reach Its Goals
Focus on Storage: Virtual Tape Facility for Mainframe Joins IBM Arsenal
Q & A:  Hybrid Technology Takes Supercomputing Beyond Moore’s Law
Case Study:  The City and County of Honolulu Allows Its Applications to Dictate the Platforms on Which They Run
Cover Story:  IBM’s z/VM is a Proven Solution for Today’s IT Environments
Feature:  IBM’s Dynamic Infrastructure Helps Companies Reduce Costs, Manage Risks and Improve Services
Administrator:  DB2 9 Features Help Ensure Compliance
Product News
Advertiser Index
Stop Run: Barry Merrill’s Accidental Discoveries Enhance the Mainframe
Reference Point