Top Secret For DB2 1.3 Not Protecting DB2 Resources
search cancel

Top Secret For DB2 1.3 Not Protecting DB2 Resources

book

Article ID: 49561

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

After upgrading to Top Secret for DB2 1.3, DB2 resources are no longer protected. A user can delete/add a row in a DB2TABLE with SELECT access.

Resolution

This problem arises with Top Secret for DB2 1.3 and was not visible with Top Secret for DB2 1.2 because to be compliant with DB2 9.1 and above, there is an additional check made by Top Secret for DB2 against a new DB2SYS resource: DATAACCESS.

The DB2SYS resource did not have the DEFPROT attribute, so Top Secret for DB2 returned an RC 04 which allowed the user access to the table instead of denying the access like with previous Top Secret for DB2 release.

If the DEFPROT attribute was set, then Top Secret for DB2 would return RC 08 and access would be denied like it was in Top Secret for DB2 1.2.

Some DB2 resource classes in the RDT do NOT have the DEFPROT attribute. You MUST run the DB13RDT job of the CADBJCL0 library to add the DEFPROT attribute to these resource classes.

Here is an example:

//DB13RDT   JOB                                                            
//*********************************************************************    
//*         CA TOP SECRET OPTION FOR DB2 1.3                          *    
//*         COPYRIGHT (C) 2010, CA, INC.                              *    
//*                                                                   *    
//*         MEMBER:    DB13RDT                                        *    
//*         FUNCTION:  TURN ON DEFAULT PROTECTION FOR DB2 RESOURCES   *    
//*********************************************************************   
//DB13RDT EXEC PGM=IKJEFT01,DYNAMNBR=25,REGION=2048K                      
//SYSTSPRT  DD SYSOUT=*                                                   
//SYSTSIN   DD *                                                          
TSS REPLACE(RDT) RESCLASS(DB2BUFFP) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2COLL)  ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2DBASE) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2FUNC)  ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2PKG)   ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2PLAN)  ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2PROC)  ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2SCHMA) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2STOGP) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2SYS)   ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2TABLE) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2TABSP) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2TYPE)  ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2JAR)   ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2SEQ)   ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2TRCON) ATTR(DEFPROT)                         
TSS REPLACE(RDT) RESCLASS(DB2ROLE)  ATTR(DEFPROT)                         
//
Powered by Wolken Software