Implementing multilevel security at the object level

You can implement multilevel security with Db2 at the object level.

Procedure

To implement multilevel security with Db2 at the object level:

  1. Define security labels in RACF® for all Db2 objects that require mandatory access checking by using the RDEFINE command.

    Define security labels for the following RACF resource classes:

    • DSNADM (administrative authorities)
    • DSNR (access to Db2 subsystems)
    • MDSNBP and GDSNBP (buffer pools)
    • MDSNCL and GDSNCL (collections)
    • MDSNJR and GDSNJR (JAR)
    • MDSNPN and GDSNPN (plans)
    • MDSNSC and GDSNSC (schema)
    • MDSNSG and GDSNSG (storage groups)
    • MDSNSM and GDSNSM (system privileges)
    • MDSNSP and GDSNSP (stored procedures)
    • MDSNSQ and GDSNSQ (sequences)
    • MDSNTB and GDSNTB (tables, views, indexes)
    • MDSNTS and GDSNTS (table spaces)
    • MDSNUF and GDSNUF (user-defined functions)

    Recommendation: Define the security label SYSMULTI for Db2 subsystems that are accessed by users with different security labels, and for tables that require row-level granularity. RACF treats a resource labeled SYSMULTI as equivalent to every other security label, so the check at that level passes for any user and the effective mandatory control is applied by the objects (or rows) below it in the hierarchy.

  2. Specify a proper hierarchy of security labels.

    In general, the security label of an object that is higher in the object hierarchy should dominate the security labels of objects that are lower in the hierarchy. One security label dominates another when its security level is equal to or higher than the other's and its set of security categories includes every category of the other. RACF and Db2 do not enforce the hierarchy; they merely enforce the dominance rules that follow from the levels and categories you assign to each label, so a chain of labels that does not follow the hierarchy is accepted silently.

    You can use RACF to define security labels for the Db2 objects in the following object hierarchy:

    • Subsystem or data sharing group
      • Database
        • Table space
          • Table
            • Column
            • Row
      • View
      • Storage group
      • Buffer pool
      • Plan
      • Collection
        • Package
      • Schema
        • Stored procedure or user-defined function
        • Java™ Archive (JAR)
        • Distinct type
        • Sequence

    The following examples suggest dominance relationships among objects in the Db2 object hierarchy.

    Example: A collection should dominate a package.

    Example: A subsystem should dominate a database. That database should dominate a table space. That table space should dominate a table. That table should dominate a column.

    Example: If a view is based on a single table, the table should dominate the view. However, if a view is based on multiple tables, the view should dominate the tables.

  3. Define security labels for users and associate users with the security labels in RACF. If you are using a TCP/IP connection, you also need to define security labels in RACF for the security zones into which remote IP addresses are grouped; these IP addresses represent remote users.
    Give users with SYSADM, SYSCTRL, and SYSOPR authority the security label of SYSHIGH.
  4. Activate the SECLABEL class in RACF. If you want to enforce write-down control, turn on write-down control in RACF.
  5. Install the external security access control authorization exit routine (DSNX@XAC), such as the RACF access control module.
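The five steps above expressed as the RACF commands an administrator actually issues, packaged as a REXX exec run under TSO. This is an added example and not code from the Db2 documentation or from IBM; every name in it is a placeholder: the subsystem id DSN, database PAYDB, table space PAYTS, table PAYROLL.EMP, view PAYROLL.VEMP, table HR.REVIEWS, the user ids DBADM01 and PAYCLK1, the SERVAUTH zone EZB.NETACCESS.SYS1.TCPIP.PAYZONE, and the level and category values behind the labels. It covers only the DSNR, MDSNTS and MDSNTB classes from the list in step 1; the other classes are labeled the same way with their own profile-name formats.

```rexx
/* REXX */
/* Added example, not from the Db2 or RACF documentation: the          */
/* object-level MLS procedure as RACF commands issued from TSO.        */
/* All object names, user ids, zone names, levels and categories are   */
/* placeholders.  Run under a RACF SPECIAL user id; if the SECDATA     */
/* profiles already exist, change the two RDEFINE SECDATA to RALTER.   */

failures = 0

/* Prerequisite for step 1: levels and categories that labels are      */
/* built from.  Label A dominates label B when A's SECLEVEL is >= B's  */
/* and A's categories are a superset of B's.  TSPAYL > TBPAYL > VWPAYL */
/* therefore follows the table space > table > single-table view        */
/* chain of step 2.  TBHRL shares TBPAYL's level but not its category, */
/* so neither dominates the other: a payroll user cannot read HR data. */
call racf "RDEFINE SECDATA SECLEVEL ADDMEM(L080/80 L060/60 L040/40)"
call racf "RDEFINE SECDATA CATEGORY ADDMEM(PAY HR)"
call racf "RDEFINE SECLABEL TSPAYL SECLEVEL(L080) ADDCATEGORY(PAY)"
call racf "RDEFINE SECLABEL TBPAYL SECLEVEL(L060) ADDCATEGORY(PAY)"
call racf "RDEFINE SECLABEL VWPAYL SECLEVEL(L040) ADDCATEGORY(PAY)"
call racf "RDEFINE SECLABEL TBHRL  SECLEVEL(L060) ADDCATEGORY(HR)"

/* Step 1: attach labels to the profiles that protect each object.     */
/* Profile-name formats of the RACF access control module:             */
/*   DSNR   subsystem.environment                                       */
/*   MDSNTS subsystem.database.tablespace.privilege                     */
/*   MDSNTB subsystem.qualifier.table-or-view.privilege                 */
/* A trailing generic * labels every privilege on the object at once.  */
/* The subsystem gets SYSMULTI because users with different labels     */
/* connect to it (the step 1 recommendation).                           */
call racf "SETROPTS GENERIC(MDSNTS MDSNTB)"
call racf "RDEFINE DSNR DSN.BATCH UACC(NONE) SECLABEL(SYSMULTI)"
call racf "RDEFINE DSNR DSN.DIST  UACC(NONE) SECLABEL(SYSMULTI)"
call racf "RDEFINE MDSNTS DSN.PAYDB.PAYTS.*  UACC(NONE) SECLABEL(TSPAYL)"
call racf "RDEFINE MDSNTB DSN.PAYROLL.EMP.*  UACC(NONE) SECLABEL(TBPAYL)"
call racf "RDEFINE MDSNTB DSN.PAYROLL.VEMP.* UACC(NONE) SECLABEL(VWPAYL)"
call racf "RDEFINE MDSNTB DSN.HR.REVIEWS.*   UACC(NONE) SECLABEL(TBHRL)"

/* Step 3: give users a label.  A user must be PERMITted READ to the   */
/* SECLABEL profile before the label can be assigned.  SYSHIGH and     */
/* SYSMULTI are predefined by RACF, so they are only permitted here.   */
call racf "PERMIT SYSHIGH CLASS(SECLABEL) ID(DBADM01) ACCESS(READ)"
call racf "ALTUSER DBADM01 SECLABEL(SYSHIGH)"     /* holds SYSADM     */
call racf "PERMIT TBPAYL  CLASS(SECLABEL) ID(PAYCLK1) ACCESS(READ)"
call racf "ALTUSER PAYCLK1 SECLABEL(TBPAYL)"      /* payroll clerk    */
/* Remote TCP/IP users carry the label of their security zone, i.e.   */
/* the SERVAUTH NETACCESS profile TCP/IP maps their address range to.  */
/* sysname, stack and zone name below are assumed.                      */
zone = "EZB.NETACCESS.SYS1.TCPIP.PAYZONE"
call racf "RDEFINE SERVAUTH" zone "UACC(NONE) SECLABEL(TBPAYL)"

/* Step 4: activate SECLABEL plus the Db2 classes (the access control  */
/* module uses them RACLISTed), then enforce write-down control.       */
/* Use MLS(WARNING) on a first pass to log what would be denied.       */
cls = "DSNR MDSNTS MDSNTB SERVAUTH"
call racf "SETROPTS CLASSACT(SECLABEL) RACLIST(SECLABEL)"
call racf "SETROPTS CLASSACT("cls") RACLIST("cls")"
call racf "SETROPTS MLS(FAILURES)"
call racf "SETROPTS RACLIST(SECLABEL "cls") REFRESH"

/* Step 5 is not a RACF command: the access control module is          */
/* link-edited as DSNX@XAC into the Db2 exit library and picked up    */
/* when Db2 is restarted; see the module's installation documentation. */
say failures "command(s) failed; review the messages above first"
exit failures

/* Issue one RACF command under TSO and record a non-zero return code. */
racf: procedure expose failures
  parse arg cmd
  address tso cmd
  if rc <> 0 then do
     say "RC="rc":" cmd
     failures = failures + 1
  end
  return rc
```

The exec deliberately issues the RDEFINE and PERMIT commands before any SETROPTS, so that the profiles are already present when the classes are first RACLISTed; the final REFRESH covers the case where some of the classes were already active. Replace the placeholder names with your own before running it, and confirm the resulting dominance chain with RLIST SECLABEL before turning MLS from WARNING to FAILURES.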