Determining active security measures
If you are a security auditor, you must know the security measures that are enabled on the Db2 subsystem.
About this task
You can determine whether Db2 authorization checking, the audit trace, and data definition control are enabled in the following ways:
- Audit trace
- To see whether the trace is running, display the status of the trace by the command DISPLAY TRACE(AUDIT).
- Db2 authorization checking
- Without changing anything, look at panel DSNTIPP. If the value of the USE PROTECTION field is YES, Db2 checks privileges and authorities before permitting any activity.
- Data definition control
- Data definition control is a security measure that provides additional constraints to existing authorization checks. With it, you control how specific plans or collections of packages can use data definition statements. To determine whether data definition control is active, look at option 1 on the DSNTIPZ installation panel.