Have a need to restrict users from 2 views I am creating in db2.  The views will be under the high-level db2 prefix of PRR. Only certain users should be allowed access to these. 

Also, have a need to protect the data from being seen by unauthorized programs.   Can this be done?  Only authorized programs could access the view with the protected columns.  Other programs would have no access to those fields.   Is this possible to get at this level?   

Release : 16.0

Component : CA ACF2 for z/OS

In DB2, to prevent access to a column in a table, create a view. This view would not include any columns from a table that users shouldn't be able to access. Once the view is created, GRANT SELECT access to the view. In ACF2, the rule line for the view would look like the following:


$key(view.viewname) type(tbl)
UID(uid of user) SERVICE(SELECT) allow

ACF2 allows column specific actions only to prevent users from updating or referencing certain columns from a table. To do so specify those rules separately from other rule lines. For example, if you want UID(uid of user) to delete,insert and select from a table but not update columns, use the following rule lines:

UID(uid of user) SERVICE(DELETE,INSERT,SELECT) allow
UID(uid of user) SERVICE(UPDATE) COLUMN(col name 1,col name 2) PREVENT

In your case you are looking to prevent users access to parts of the table. The previous lines would not help with that.