Db2 Security

Last time we looked at Db2v13 improvements in the areas of Availability, Resiliency, and Scalability and Performance. This time we look at how Db2v13 improves on Security and Simplification and Serviceability.

Improving the security and protection of data is one of the most important goals for most organizations these days as the amount of data, and its importance to the organization, skyrockets. And Db2 13 for z/OS delivers several new capabilities for improving the security of your enterprise data.

A security improvement that spans the security and performance categories is a series of enhancements that reduce the contention for Security Manager resources when accessing Db2. Native Db2 security checking automatically uses an authorization cache, but Db2 13 enables this caching for external security users, as well. This should result in improved performance for organizations that enable external security for Db2 access. 

IBM also provides more flexibility for managing plans, packages, and SQL routines in Db2 13 for z/OS. New owner type support is added in Db2 13 enabling the DBA to control the ownership of plans, packages, and SQL routine packages using the DBA role without depending on the security administrator. For stored procedures and functions, the CREATE and ALTER statements have been modified so that the owner type can be ROLE or USER. The same owner type support has been added to the BIND and REBIND commands for packages and plans.

Db2 13 also improves support for the z/OS Integrated Cryptographic Service Facility (ICSF), which added the decrypt-only archived key enhancement in z/OS 2.5. Db2 13 delivers support for the decrypt-only archived key when a key label is specified by using the Db2 interfaces for data set encryption. 

Furthermore, Db2 13 now supports the IBM Z Security and Compliance Center with automated collection of Db2 data for compliance processes. Db2 for z/OS listens for the appropriate signal generated by the z/OS Compliance Agent services and generates SMF 1154 trace records for the recommended system security parameter settings. This can improve the ease of integrating Db2 into your compliance and security management requirements.

Simplification and Serviceability 

Another key focus for Db2 13 functionality is to improve the ease of use and serviceability of Db2. Db2 13 continues the improvements made with Db2 12 in terms of continuous delivery with function levels. Furthermore, the actual migration process continues to be streamlined and improved, making it easier to move from version to version of Db2.

Db2 13 delivers application management improvements as well, such as more granular control of locking with a new lock timeout special register and a global variable for weighting deadlocks (as discussed earlier). Additionally, the ability to dynamically control the package RELEASE option using application Profile tables should make it easier to introduce DDL changes while applications run. 

Other serviceability improvements have been introduced in Db2 13 such as improved diagnostics (Index Manager and page reject information) and a new IFCID (306) for improved data replication with EDITPROCs.

Next time, we’ll wrap up our survey of Db2v13 with a quick look at IBM Utilities.


Regular Planet Mainframe Blog Contributor
Craig Mullins is President & Principal Consultant of Mullins Consulting, Inc., and the publisher/editor of The Database Site. Craig also writes for many popular IT and database journals and web sites, and is a frequent speaker on database issues at IT conferences. He has been named by IBM as a Gold Consultant and an Information Champion. He was recently named one of the Top 200 Thought Leaders in Big Data & Analytics by AnalyticsWeek magazine.

Leave a Reply

Your email address will not be published. Required fields are marked *