How to revoke Windows Administrator user permission from DB2?

In IBM DB2 v.9 on Windows, when someone connects to the database as the Server\Administrator user, will the DB2 database automatically accept and grant all permissions to this user? But in some cases, the server administrator does not have to see all the data in the database. So, how to prevent the administrator from using a database connection?

+3
5 answers

In 9.5 and older, this would not be possible, because the account under which your instance is running is SYSADM. In addition, the administrator can reset at least the local passwords of the account and access them, which makes it impossible to change the account owner’s account.

However, from 9.7 onwards, the instance owner will no longer have access to the data. One option is up to 9.7. In addition, you can set up an AD account for connections used by your applications. The local administrator can optionally change these credentials.

However, the Administrator ultimately has access to the database files (usually not encrypted). Basically, you can improve the administrative aspect of security.

+1

DB2 CONNECT, . ,

GRANT CONNECT ON DATABASE TO <user1>, <user2>, ...

CONNECT PUBLIC

REVOKE CONNECT ON DATABASE FROM PUBLIC

0

Umm... , , DB2 .

, .

0

, , sysadm.

, ( ), :

  • sysadm - ( "db2 update dbm cfg using sysadm_group blah" ). gotchas, , , .
  • . ( 8.2 ). , , , (, LDAP). , , sysadm .
0

Windows SYSADM_GROUP , SYSADM . SYSADM_GROUP ( Windows), DB2 "" .

To fix this, you can create a new group in Windows, and then change the value of SYSADM_GROUP to use this new group. Verify that the identifier that runs in DB2 belongs to this new group. After you make this change, members of the Administrators group no longer have SYSADM authority.

According to Kevin Beck, you can also take a look at limiting CONNECT database permissions, because by default the CONNECT privilege is granted to PUBLIC.

0
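The SYSADM_GROUP change from the last answer, combined with the CONNECT grant and revoke from the earlier answer, as an added example that is not part of the original answers. The group name DB2SYSADM, service account db2admin, database SAMPLE and user APPUSER are assumed placeholders; run it from a DB2 Command Window as a user who currently holds SYSADM.

```bat
@echo off
rem Added example. All four names below are assumptions; replace them.
set NEWGRP=DB2SYSADM
set SVCACCT=db2admin
set DBNAME=SAMPLE
set APPUSER=APPUSER

rem 1. Create the dedicated group and add the account that runs DB2
rem    BEFORE switching, otherwise that account loses SYSADM as well.
net localgroup %NEWGRP% /add
net localgroup %NEWGRP% %SVCACCT% /add
net localgroup %NEWGRP% | findstr /i /c:"%SVCACCT%" >nul
if errorlevel 1 (
  echo %SVCACCT% is not in %NEWGRP%; stopping before SYSADM_GROUP is changed.
  exit /b 1
)

rem 2. Show the current value, then point SYSADM_GROUP at the new group.
rem    The DB2 CLP returns 4 or higher on error.
db2 get dbm cfg | findstr /i SYSADM_GROUP
db2 update dbm cfg using SYSADM_GROUP %NEWGRP%
if errorlevel 4 exit /b 1

rem 3. The parameter only takes effect after an instance restart.
db2stop
db2start
db2 get dbm cfg | findstr /i SYSADM_GROUP

rem 4. Grant CONNECT to the named user first, then remove it from PUBLIC.
db2 connect to %DBNAME%
if errorlevel 4 exit /b 1
db2 "GRANT CONNECT ON DATABASE TO USER %APPUSER%"
db2 "REVOKE CONNECT ON DATABASE FROM PUBLIC"

rem 5. Review who still holds database-level authorities.
db2 "SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH, DBADMAUTH FROM SYSCAT.DBAUTH"
db2 connect reset
```

In the step 5 output, PUBLIC should no longer show Y under CONNECTAUTH, and any remaining grantee with DBADMAUTH = Y can still read the data.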

Source: https://habr.com/ru/post/1699192/

