Securing access to payroll operations and management with RACF

After implementation of RACF security, restrictions on how members of the payroll operations department access and handle sensitive payroll information must be unchanged.

The plan imposes the following restrictions on members of the payroll operations department:

Members of the payroll operations department can update any column of the employee table except for SALARY, BONUS, and COMM.
Members of payroll operations can update any row except for rows that are for members of their own department.

Because changes to the table are made only from the central location, distributed access does not affect payroll operations.

Views of payroll operations, and methods of securing compensation data are the same as those that are used when DB2 security is used.