Security

The IBM® i operating system has built-in security elements that limit access to data resources of a server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects.

Users must be properly authorized to have access to the database whether it is local or remote. They must also have proper authorization to collections, tables, and other relational database objects necessary to run their application programs. This typically means that distributed database users must have valid user profiles for the databases they use throughout the network. Security planning must consider user and application program needs across the network.

A distributed relational database administrator is faced with two security issues to resolve:

When two or more systems are set up to access each other's databases, it is important to make sure that the other side of the communications line is the intended location and not an intruder. For DRDA access to a remote relational database, the IBM i use of Advanced Program-to-Program Communication (APPC) and Advanced Peer-to-Peer Networking (APPN) communications configuration capabilities provides options for implementing this network-level security.

The second concern for the distributed relational database administrator is that data security is maintained by the system that stores the data. In a distributed relational database, the user has to be properly authorized to have access to the database (according to the security level of the system) whether the database is local or remote. Distributed relational database network users must be properly identified with a user ID on the server for any jobs they run on the server. Distributed Relational Database Architecture™ (DRDA) support using both APPC/APPN and TCP/IP communications protocols provides for the sending of user IDs and passwords along with connection requests.

This topic collection discusses security topics that are related to communications and DRDA access to remote relational databases. It discusses the significant differences between conversation-level security in an APPC network connection and the corresponding level of security for a TCP/IP connection initiated by a DRDA application. In the remaining security discussions, the term user also includes remote users starting communications jobs.