Multilevel security and DB2 row-level security revealed / [Chris Rayns ... et al.].
- Format:
- Book
- Series:
- IBM redbooks.
- Language:
- English
- Subjects (All):
- Computer security.
- IBM Database 2.
- Physical Description:
- xiv, 216 p. : ill.
- Edition:
- 1st ed.
- Place of Publication:
- San Jose, CA : IBM, International Technical Support Organization, c2005.
- Language Note:
- English
- Contents:
- Front cover
- Contents
- Notices
- Trademarks
- Preface
- The team that wrote this redbook
- Become a published author
- Comments welcome
- Part 1 Multilevel security
- Chapter 1. MLS overview
- 1.1 What is multilevel security
- 1.2 Why multilevel security
- 1.3 Access Controls
- 1.4 Introduction to Mandatory Access Control
- 1.4.1 Security labels
- 1.4.2 Dominance, equivalence, and disjoint
- 1.4.3 MAC Access
- 1.5 Multilevel security in z/OS with RACF
- 1.5.1 SECLABELs
- 1.5.2 Multilevel security in action
- 1.6 DB2 and multilevel security
- 1.7 Before turning on multilevel security
- 1.8 Multilevel security vocabulary
- 1.9 Common Criteria
- 1.9.1 zSeries 990 Achieves Prestigious EAL5 Assurance Certification
- 1.9.2 eServer zSeries running z/OS
- Chapter 2. Security labels
- 2.1 Security labels and data classification policies
- 2.2 Mandatory access control
- 2.3 Discretionary access control
- 2.4 Security levels and Security categories
- 2.5 Defining security labels
- 2.6 Authorizing users to access security labels
- 2.7 Using security labels
- 2.8 Dominance
- 2.8.1 Comparing security labels
- 2.9 Security label authorization checking
- 2.10 Using system-specific security labels in a sysplex
- Chapter 3. Implementing MLS
- 3.1 Background
- 3.2 Defining SECLABEL names for your situation
- 3.3 Defining resource names to RACF
- 3.4 Defining the attributes of resources
- 3.5 Notes from the MLS book
- 3.5.1 System tasks that we did customize
- 3.5.2 System tasks that we did not customize
- Chapter 4. MLS as applied to TCP/IP communications
- 4.1 z/OS TCP/IP and the SERVAUTH class
- 4.1.1 Stack access control
- 4.1.2 Network access control
- 4.1.3 The notion of port of entry (POE)
- 4.2 The MLS networking environment
- 4.2.1 Some MLS basics (again)
- 4.3 Setting up MLS for z/OS TCP/IP communications
- 4.3.1 Our test configuration
- 4.3.2 Our test
- 4.4 The big theoretical picture - TCP
- 4.4.1 Sequence of events
- Part 2 DB2 Security
- Chapter 5. DB2 access control overview
- 5.1 Authorization IDs for accessing data within DB2
- 5.1.1 Processing connections
- 5.1.2 Processing sign-ons
- 5.2 DB2 managed security
- 5.3 DB2 external security
- Chapter 6. DB2 V8 and multilevel security
- 6.1 Multilevel security in DB2
- 6.2 Row-level security as a subset of multilevel security
- 6.2.1 The need for row-level security
- 6.2.2 DB2 solutions
- 6.2.3 New concepts for DB2 people
- 6.2.4 RACF requirements for basic SECLABEL processing
- 6.2.5 RACF built-in security labels
- 6.2.6 Using security labels
- 6.2.7 Write-down in DB2
- 6.2.8 DB2 row-level security implementation
- 6.2.9 Accessing data in a table defined with row-level security
- 6.2.10 Summary
- 6.3 Additional considerations about row-level security
- 6.3.1 DB2 utilities and multilevel security
- 6.3.2 Security labels and indexes
- 6.3.3 Restrictions when using multilevel security with row granularity
- 6.3.4 DB2 session variable
- 6.3.5 Using views to restrict access
- 6.4 DB2 multilevel security implementation at the object level
- 6.5 Sample scenario
- 6.5.1 Preparation steps
- 6.5.2 Row-level security applied on SELECT
- 6.5.3 Row-level security applied on INSERT
- 6.5.4 Row-level security applied on UPDATE
- 6.5.5 Row-level security applied on DELETE
- 6.5.6 RACF-controlled write-down
- 6.6 Real-world implementation
- 6.6.1 Introduction
- 6.6.2 Preparation suggestions
- 6.6.3 A suggested procedure
- 6.6.4 Designing the population process
- Chapter 7. RACF access control module
- 7.1 z/OS environment
- 7.1.1 Security labels
- 7.1.2 RACF access control module
- 7.1.3 DB2
- 7.2 Scenarios
- 7.2.1 Scenario 1. SETR MLS not active
- 7.2.2 Scenario 2. SETR MLS active
- 7.2.3 Scenario 3. SETR MLS not active, RACF profile protection used
- 7.2.4 Scenario 4. SETR MLS not active, RACF profile protection with SECLABELs in profiles
- 7.2.5 Scenario 5. SETR MLS active, RACF profile protecting without SECLABELs in profile
- 7.2.6 Scenario 6. SETR MLS and SETR MLACTIVE active, RACF profile protection
- 7.2.7 Scenario 7
- 7.3 Conclusion
- Part 3 Appendixes
- Appendix A. RACF options that control the use of security labels
- RACF options that control the use of security labels
- COMPATMODE and NOCOMPATMODE
- MLACTIVE and NOMLACTIVE
- MLFSOBJ
- MLIPCOBJ
- MLNAMES and NOMLNAMES
- MLQUIET and NOMLQUIET
- MLS and NOMLS
- MLSTABLE and NOMLSTABLE
- SECLABELAUDIT and NOSECLABELAUDIT
- SECLABELCONTROL and NOSECLABELCONTROL
- SECLBYSYSTEM and NOSECLBYSYSTEM
- Appendix B. APAR PQ94303
- Related publications
- Other publications
- Referenced Web sites
- How to get IBM Redbooks
- Help from IBM
- Index
- Back cover.
- Notes:
- "April 2005."
- "SG24-6480-00."
- Includes bibliographical references and index.
- OCLC:
- 61447503