Professional support for converting from Db2 native security to RACF®
Businesses using IBM Db2® database solutions often rely on Db2’s native security, which comes with certain shortcomings. Key Resources can help you convert from Db2 native security to RACF® to take advantage of its stronger security capabilities. We use our proprietary z/Assure® Security Conversion Utility (SCU4DB2)™, which offers a proprietary methodology that is flexible, easy to manage, and provides extensive management reporting capabilities.
Why switch from native Db2 security to RACF?
RACF offers several advantages over native Db2 security, including:
- Auditors should generate audit findings for using Db2 native security.
- Having DBAs maintain Db2 and perform security (GRANTs) violates the separation of functions.
- Reduces the number of security profiles that are required to implement your installation security policy, thus reducing administrative complexity and the work required to create and maintain your access control policy.
- Provides a more flexible access control mechanism.
- Eliminates fallout from cascading revocations.
- Allows security profiles to be defined before a Db2 object is created.
- Allows security profiles to be preserved when a Db2 object is dropped
- Consolidates security administration and audit for multiple Db2 subsystems or data sharing groups
- Consolidates Db2 audit data with ESM SMF data.
- RACF is responsible for access control, without having to make modifications to Db2 code.
Benefits of z/Assure® SCU4DB2
Our experts use z/Assure® SCU4DB2 to convert native Db2 security environments to RACF in phases. Our proprietary tool provides the following benefits:
- Automatically generates RACF® grouping class profiles to group related Db2 protected objects.
- Automatically generates RACF generic profiles to group related Db2 protected objects.
- Optionally adjusts access’s to RACF Db2 protection profiles to enable a more efficient RACF Db2 implementation.
- Optionally creates a new RACF Group structure for use by Db2 security using RACF.