IBM PureData System for Analytics (Netezza) and Db2 security compatibility

In Netezza®, authentication can occur either within the database or with an external entity, such as an external LDAP server, if the product is configured to support it. Authorization occurs within the database. In Db2®, authentication occurs outside the database, and authorization generally occurs inside the database.

In Netezza, privileges are typically not granted directly to the user. Instead, they are granted indirectly, to groups to which users are assigned. Db2 products also use database objects to help simplify administration. In Db2, privileges and authorities (a concept somewhat similar to privileges) are typically granted to roles to which users or other roles are assigned. All of the authorities and privileges that you grant to a role are inherited by any users or other roles that you assign to that role. A Db2 system comes with two built-in user roles:
Administrator
People with the Administrator role have access to all of the features in the web console. They can manage database access by creating and deleting users, assigning users to roles, and performing other security-related functions, such as changing user passwords. A Db2 environment comes with a built-in ID called bluadmin that has the Administrator role.
User
People with the User role have access to many of the features in the web console and can manage their own user profiles. They also have full access to their own tables and can give other users permission to access and use those tables.

If the built-in user roles do not provide enough flexibility, people with the Administrator role can create user-defined roles with different authorities and privileges and assign those roles to users.

To add or delete users and to assign them to or remove them from built-in roles, people with the Administrator role use the web console. They can also use the console to grant privileges and authorities to roles, and to revoke them, by creating GRANT and REVOKE SQL statements either directly or, in some cases, by using GUI controls. To create or delete user-defined roles and manage membership in those roles, people with the Administrator role can issue SQL statements by using the web console, CLPPlus, or the Data Studio client.

In a Netezza system, you can use Multi-Level Security (MLS) to define rules to control access to row-secure tables. In a Db2 system, you can use row and column access control (RCAC) to control access to a table at the row level, column level, or both. RCAC is based on two sets of rules: one set operates on rows (row permissions), and the other set operates on columns (column masks). To create, alter, and drop RCAC rules, you use SQL statements.
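
The role-based grants and the RCAC rules described above, as an added example that is not part of the original IBM page. The schema HR, the EMPLOYEE table, the roles ANALYST and HR_MANAGER, and the user ALICE are constructed for illustration, and the example assumes the issuing ID holds the authority that Db2 requires for RCAC statements (SECADM).

```sql
-- Constructed sample table (not from the original page).
CREATE TABLE hr.employee (
    emp_id  INTEGER     NOT NULL PRIMARY KEY,
    name    VARCHAR(64) NOT NULL,
    dept    VARCHAR(16) NOT NULL,
    ssn     CHAR(11)    NOT NULL          -- stored as 'nnn-nn-nnnn'
);

-- User-defined roles: privileges go to the role, users inherit them.
CREATE ROLE analyst;
CREATE ROLE hr_manager;
GRANT SELECT ON TABLE hr.employee TO ROLE analyst;
GRANT SELECT, UPDATE ON TABLE hr.employee TO ROLE hr_manager;
GRANT ROLE analyst TO USER alice;

-- Row permission: HR managers see every row, analysts only SALES rows.
CREATE PERMISSION hr.emp_row_access ON hr.employee
    FOR ROWS WHERE VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR_MANAGER') = 1
        OR (VERIFY_ROLE_FOR_USER(SESSION_USER, 'ANALYST') = 1
            AND dept = 'SALES')
    ENFORCED FOR ALL ACCESS
    ENABLE;

-- Column mask: everyone except HR managers sees only the last 4 digits.
CREATE MASK hr.emp_ssn_mask ON hr.employee
    FOR COLUMN ssn RETURN
        CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR_MANAGER') = 1
             THEN ssn
             ELSE 'XXX-XX-' || SUBSTR(ssn, 8, 4)
        END
    ENABLE;

-- Rules have no effect until access control is activated on the table.
-- After activation, rows not allowed by an enabled permission are
-- hidden from every user, including the table owner.
ALTER TABLE hr.employee
    ACTIVATE ROW ACCESS CONTROL
    ACTIVATE COLUMN ACCESS CONTROL;

-- Review check: list the RCAC rules defined on the table and their state.
SELECT controlname, controltype, enable, enforced
FROM   syscat.controls
WHERE  tabschema = 'HR' AND tabname = 'EMPLOYEE';

-- Removing access is a membership change, not a per-table revoke.
REVOKE ROLE analyst FROM USER alice;
```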

For details about differences between Netezza and Db2 SQL that are related to security, see IBM PureData System for Analytics (Netezza) and Db2 SQL compatibility.