I believe, the very short answer to this is:
you give the DB2 GRANTs to RACF groups instead of individual users,
and then you use RACF to do the administration of the RACF groups,
that is: if anyone needs some DB2 rights, you make him or her a member
of the proper RACF group.
You need a naming convention to know what DB2 rights are contained
in what RACF group. Maybe you could pack all tables that belong to an
"application" or a "system" in one RACF group and make the name of the
RACF group
the name of the application or the system. Or: one RACF group for all
the tables
in your DB2 test or development system etc.
Kind regards
Bernd
Am 07.07.2012 15:06, schrieb Mohamed Juma:
Hi list,
I have a conser about using RACF to secure the access to our data base for users and administration instead of using
internal security.
Can any one give me clue for such implementation;
Mohamed Juma
________________________________
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
