'Re: DB2 internal security RACF external security'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: DB2 internal security RACF external security
From:       "Sokolsky, Hayim Z." <hsokolsky () DTCC ! COM>
Date:       2018-03-20 20:54:54
Message-ID: CY4PR15MB1142909932D301E179E3BF79D8AB0 () CY4PR15MB1142 ! namprd15 ! prod ! outlook ! com
[Download RAW message or body]

The simple answer is that you can migrate table by table and object by obje=
ct, as you see fit.

The more complex answer is that there is indeed a migration sequence in goi=
ng from native DB2 to RACF. This is due to the nature of how DB2 checks are=
 performed and how they interact with the RACF/DB2 interface.

1. You must migrate SYSADM and SYSOPR first. I actually recommend migrating=
 all of the SYSUSERAUTH and SYSDBAUTH attributes first. If you do not do th=
is then SYSADM and DBADM will not be recognized for the tables you migrate. =


2. You can migrate tables and views (they live in the same class) on a tabl=
e by table basis. However, it is far easier to migrate a whole application =
or common owner at one time. It keeps the migration simpler.

3. After you've migrated tables and views, then you migrate the collections=
, packages, and plans that belong to the application. You can migrate the a=
pplication's packages and plans any time after you've migrated the tables. =
You don't have to migrate all tables before moving on. It's your choice.

4. Last but not least, migrate everything else.


Hayim Sokolsky
Director, Security Architect
Security Architecture and Technology
Technology Risk Management
DTCC Tampa
Direct: +1 813 470-2177 | hsokolsky@dtcc.com



Visit us at www.dtcc.com or follow us on Twitter @The_DTCC=A0 and on Linked=
In.
To learn about career opportunities at DTCC, please visit dtcc.com/careers.

Classification:=A0 DTCC Public (WHITE)

The views I have expressed in this email are my own personal views, and are=
 not endorsed or supported by, and do not necessarily express or reflect, t=
he views, positions or strategies of my employer.

-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Re=
gina Scott
Sent: Tuesday, March 20, 2018 16:38
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: DB2 internal security RACF external security

ATTENTION! This email originated outside of DTCC; exercise caution.


Test and QA was done with warning mode 5 years ago but we can't use warning=
 mode in production.

Thanks,
Gina Scott
UBS AG
MMS + - Service Operations
Office hours are 8:00 AM to 4:00 PM
1000 Harbor Blvd. 10th Floor
Weehawken, New Jersey 07086
Telephone External:    19422-0571
Telephone Internal:     201-352-0571
regina.scott@ubs.com


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Bo=
bby Sagami
Sent: Tuesday, March 20, 2018 3:54 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: DB2 internal security RACF external security

But you should able to warn mode in test environ?   Implement warn, full au=
diting to understand "behavior" via smf recs, then create prod profiles acc=
ordingly.


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Re=
gina Scott
Sent: Tuesday, March 20, 2018 11:32 AM
To: RACF-L@LISTSERV.UGA.EDU
Subject: DB2 internal security RACF external security

Hi,

We cannot use warning mode to implement DB2 under RACF so can the conversio=
n be done 1 application at a time or all application must be converted at t=
he same time?


Thanks,
Gina Scott
UBS AG
MMS + - Service Operations
Office hours are 8:00 AM to 4:00 PM
1000 Harbor Blvd. 10th Floor
Weehawken, New Jersey 07086
Telephone External:    19422-0571
Telephone Internal:     201-352-0571
regina.scott@ubs.com



Please visit our website at
http://financialservicesinc.ubs.com/wealth/E-maildisclaimer.html
for important disclosures and information about our e-mail policies. For yo=
ur protection, please do not transmit orders or instructions by e-mail or i=
nclude account numbers, Social Security numbers, credit card numbers, passw=
ords, or other personal information.
Confidentiality Notice: This transmission (including any attachments) may c=
ontain confidential information belonging to the sender and is intended onl=
y for the use of the party or entity to which it is addressed. If you are n=
ot the intended recipient, you are hereby notified that any disclosure, cop=
ying, distribution, retention or the taking of action in reliance on the co=
ntents of this transmission is strictly prohibited. If you have received th=
is transmission in error, please immediately notify the sender and erase al=
l information and attachments.

Please visit our website at
http://financialservicesinc.ubs.com/wealth/E-maildisclaimer.html
for important disclosures and information about our e-mail
policies. For your protection, please do not transmit orders
or instructions by e-mail or include account numbers, Social
Security numbers, credit card numbers, passwords, or other
personal information.
DTCC DISCLAIMER: This email and any files transmitted with it are confident=
ial and intended solely for the use of the individual or entity to whom the=
y are addressed. If you have received this email in error, please notify us=
 immediately and delete the email and any attachments from your system. The=
 recipient should check this email and any attachments for the presence of =
viruses.  The company accepts no liability for any damage caused by any vir=
us transmitted by this email.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic