Db2 security model overview
Two modes of security control access to the Db2® database system data and functions. Access to the Db2 database system is managed by facilities that reside outside the Db2 database system (authentication), whereas access within the Db2 database system is managed by the database manager (authorization).
Authentication
Authentication is the process by which a system verifies a user's identity. User authentication is completed by a security facility outside the Db2 database system, through an authentication security plug-in module. A default authentication security plug-in module that relies on operating-system-based authentication is included when you install the Db2 database system. For your convenience, the Db2 database manager also ships with authentication plug-in modules for Kerberos and lightweight directory access protocol (LDAP). To provide even greater flexibility in accommodating your specific authentication needs, you can build your own authentication security plug-in module.
The authentication process produces a Db2 authorization ID. Group membership information for the user is also acquired during authentication. Default acquisition of group information relies on an operating-system based group-membership plug-in module that is included when you install the Db2 database system. If you prefer, you can acquire group membership information by using a specific group-membership plug-in module, such as LDAP.
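The following queries are an added example, not part of the original page, and show where the settings described above can be inspected once a session is connected: the authentication type and the plug-in modules the instance is configured with, the authorization ID that authentication produced for the session, and the group membership resolved by the group-membership plug-in. The view, register and function names are Db2's own; the authorization ID ALICE is a constructed example.

```sql
-- Added example, not part of the original page.

-- Which authentication mechanism and plug-ins are in effect at the
-- database manager (instance) level. SYSIBMADM.DBMCFG is the administrative
-- view over the database manager configuration; names are stored in lowercase.
SELECT name, value
  FROM SYSIBMADM.DBMCFG
 WHERE name IN ('authentication',         -- e.g. SERVER, SERVER_ENCRYPT, KERBEROS
                'srvcon_auth',            -- overrides AUTHENTICATION for incoming connections, if set
                'srvcon_gssplugin_list',  -- GSS-API (e.g. Kerberos) server plug-ins
                'srvcon_pw_plugin',       -- user ID / password server plug-in
                'group_plugin');          -- group-membership plug-in (OS default or LDAP)

-- The authorization ID that the authentication step produced for this session.
-- SESSION_USER is the ID that authorization checks are made against;
-- SYSTEM_USER is the ID that connected. They differ only after
-- SET SESSION AUTHORIZATION or a trusted-context user switch.
VALUES (SESSION_USER, SYSTEM_USER);

-- Group membership as resolved by the configured group-membership plug-in,
-- for the constructed authorization ID 'ALICE'.
SELECT *
  FROM TABLE(SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID('ALICE')) AS g;
```

The first query is the one to run when verifying a hardening change: an instance that still reports `authentication` as CLIENT trusts the client to authenticate, which is the setting most audits flag first. The group query is useful after switching `group_plugin` to LDAP, because a user's effective secondary permissions follow whatever groups this function returns, not what the operating system reports.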
Authorization
After a user is authenticated, the database manager determines whether that user is allowed to access Db2 data or resources. Authorization is the process whereby the Db2 database manager obtains information about the authenticated user, indicating which database operations that user can perform and which data objects that user can access. The permissions considered for an authorization ID come from several sources:
- Primary permissions: those granted to the authorization ID directly.
- Secondary permissions: those granted to the groups and roles in which the authorization ID is a member.
- Public permissions: those granted to PUBLIC.
- Context-sensitive permissions: those granted to a trusted context role.
Authorization is then enforced at several levels:
- System-level authorization
The system administrator (SYSADM), system control (SYSCTRL), system maintenance (SYSMAINT), and system monitor (SYSMON) authorities provide varying degrees of control over instance-level functions. Authorities provide a way both to group privileges and to control maintenance and utility operations for instances, databases, and database objects.
- Database-level authorization
The security administrator (SECADM), database administrator (DBADM), database access control (ACCESSCTRL), database data access (DATAACCESS), SQL administrator (SQLADM), workload management administrator (WLMADM), and explain (EXPLAIN) authorities provide control within the database. Other database authorities include LOAD (ability to load data into a table), and CONNECT (ability to connect to a database).
- Schema-level authorization
The schema-level authorities are designed on the same principle as the database authorities and provide control over the objects defined in a schema. The schema administrator (SCHEMAADM) authority grants the privileges to create and manage objects in the schema; the schema access control administrator (ACCESSCTRL) authority grants the privileges to grant and revoke privileges on objects defined in the schema and on the schema itself; and the schema data access administrator (DATAACCESS) authority grants the privileges to access and manage data in the schema. The schema LOAD authority allows users to load data into the tables defined in the schema.
- Object-level authorization
Object-level authorization involves checking privileges when an operation is performed on an object. For example, to select from a table a user must have, as a minimum, the SELECT privilege on that table.
- Content-based authorization
Views provide a way to control which columns or rows of a table specific users can read. Label-based access control (LBAC) determines which users have read and write access to individual rows and individual columns.
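The statements below are an added example, not part of the original page, and walk through the permission sources and authorization levels described above: database-level and schema-level authorities, object privileges granted directly and through a role, a view for content-based control, a trusted context for context-sensitive permissions, and the catalog queries that show which source each permission came from. The schema `hr`, the users, roles and the address are constructed; the statement forms and catalog objects are Db2's own. Schema-level authorities assume Db2 11.5 or later, and the address is a documentation placeholder. System-level authorities (SYSADM, SYSCTRL, SYSMAINT, SYSMON) are not granted with SQL but by naming operating-system groups in the database manager configuration, so they do not appear here.

```sql
-- Added example, not part of the original page. Run as a SECADM.

-- Database-level authorities.
GRANT CONNECT ON DATABASE TO PUBLIC;                       -- public permission
GRANT DBADM WITHOUT DATAACCESS WITHOUT ACCESSCTRL
      ON DATABASE TO USER dba1;                            -- administer, but cannot read data or grant
GRANT LOAD ON DATABASE TO USER etl1;

-- Roles, so that object privileges become secondary permissions.
CREATE ROLE hr_app;
CREATE ROLE hr_reader;
CREATE ROLE app_ctx_role;

-- Schema-level authorities (Db2 11.5 and later).
CREATE SCHEMA hr;
GRANT SCHEMAADM  ON SCHEMA hr TO USER hr_owner;            -- create and manage objects in hr
GRANT DATAACCESS ON SCHEMA hr TO ROLE hr_app;              -- read and write data in hr only
GRANT LOAD       ON SCHEMA hr TO USER etl1;

-- Object-level privileges.
CREATE TABLE hr.employee (
  emp_id  INTEGER       NOT NULL PRIMARY KEY,
  authid  VARCHAR(128)  NOT NULL,                          -- the employee's own authorization ID
  name    VARCHAR(60)   NOT NULL,
  dept    VARCHAR(20)   NOT NULL,
  salary  DECIMAL(10,2)
);
GRANT SELECT ON TABLE hr.employee TO ROLE hr_reader;
GRANT ROLE hr_reader TO USER bob;                          -- bob's SELECT is a secondary permission
GRANT SELECT, INSERT, UPDATE ON TABLE hr.employee TO USER carol;  -- carol's is a primary permission

-- Content-based control: the view hides the salary column and returns only
-- the row whose authid matches the session's authorization ID (constructed rule).
CREATE VIEW hr.my_employee AS
  SELECT emp_id, name, dept
    FROM hr.employee
   WHERE authid = SESSION_USER;
GRANT SELECT ON hr.my_employee TO PUBLIC;

-- Context-sensitive permissions: the application server's ID gets app_ctx_role
-- only when it connects through this trusted context from the given address.
GRANT SELECT ON TABLE hr.employee TO ROLE app_ctx_role;
CREATE TRUSTED CONTEXT app_ctx
  BASED UPON CONNECTION USING SYSTEM AUTHID appsrv
  ATTRIBUTES (ADDRESS '192.0.2.10')                        -- placeholder address
  DEFAULT ROLE app_ctx_role
  ENABLE;

-- Verification. For each authority BOB holds, the flag columns say whether it
-- came directly (D_USER), via a group (D_GROUP), via PUBLIC (D_PUBLIC), or via a
-- role held directly, through a group, or through PUBLIC (ROLE_*).
SELECT authority, d_user, d_group, d_public, role_user, role_group, role_public
  FROM TABLE(SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID('BOB', 'U')) AS a
 WHERE 'Y' IN (d_user, d_group, d_public, role_user, role_group, role_public);

-- Object privileges on the table, with the grantee type (U = user, R = role, G = group).
SELECT grantee, granteetype, selectauth, insertauth, updateauth
  FROM SYSCAT.TABAUTH
 WHERE tabschema = 'HR' AND tabname = 'EMPLOYEE';
```

Two points worth checking against the output: `dba1` should show DBADM but neither DATAACCESS nor ACCESSCTRL, confirming that administration was separated from data access and from the ability to grant; and `hr_reader` should appear in SYSCAT.TABAUTH with GRANTEETYPE R while `bob` does not appear at all, because his access is secondary and is revoked by removing the role rather than by touching every object.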
You can use these features, in conjunction with the Db2 audit facility for monitoring access, to define and manage the level of security your database installation requires.