ACF2 DB2 table column Security

Article ID: 197841

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

How to limit access to selected ACF2 logonids for select columns.

Environment

Release : 16.0

Component : CA ACF2 Option for Db2

Resolution

Resource rules for DB2 are written the same way as rules for any other resource. First, you need to define the resource type in the INFODIR record. For tables and views, that is 'R-DTBL'. Once you have defined it and refreshed the INFODIR record, you can begin writing rules.

For example, the following SQL GRANT statement for system DSNP to allow user PAYCLK to update columns SALARY and EXEMPTION:

Grant Insert/update/select/delete(vndr_bd_indu_txt, vndr_prpse_cd, vndr_srce_cd) ON TABLE PERSONEL.PAYROLL TO TESTUSR
 
would be equivalent to the ACF2 rule:
$KEY(PERSONEL.PAYROLL) TYPE(TBL)
$SYSID(DSNP)
UID(***TESTUSR) SERVICE(INSERT,UPDATE,SELECT,DELETE) COLUMN(VNDR_BD_INDU_TXT, VNDR_PRPSE_CD, VNDR_SRCE_CD) LOG
 

The SYSID depends on the system where this is running; DSNP is just an example. The LOG at the end is the permission type given to the user. The available values are ALLOW, LOG, and PREVENT. You will also need rules to prevent other users from accessing those columns and to allow users access to the rest of the table, something along the lines of:

UID(-) SERVICE(INSERT,UPDATE,SELECT,DELETE) COLUMN(VNDR_BD_INDU_TXT, VNDR_PRPSE_CD, VNDR_SRCE_CD) PREVENT
UID(-) SERVICE(INSERT,UPDATE,SELECT,DELETE) ALLOW