Security in a CICS DB2 environment

In the CICS® DB2® environment, there are four main stages at which you can implement security checking. These are:

You can also use RACF, or an equivalent external security manager, to protect the components that make up CICS and DB2 from unauthorized access. You can apply this protection to DB2 databases, logs, bootstrap data sets (BSDSs), and libraries outside the scope of DB2, and to CICS data sets and libraries. You can use VSAM password protection as a partial replacement for the protection provided by RACF. "CICS system resource security" in the CICS RACF Security Guide gives you more information about this.
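The following is an added illustration, not part of the CICS manual or any IBM-supplied sample: a batch TSO job that defines RACF data set profiles so that the DB2 bootstrap data sets, active logs and CICS libraries described above are closed to everyone except the region user IDs that need them. The high-level qualifiers (DB2HLQ, CICSHLQ), the owning group (DB2ADM) and the region IDs (DB2MSTR, CICSRGN) are placeholders chosen for this example; substitute the names used in your installation.

```jcl
//RACFDEF  JOB (ACCT),'PROTECT CICS DB2 DSNS',CLASS=A,MSGCLASS=X
//* Added example: RACF DATASET profiles for a CICS DB2 environment.
//* All qualifiers, group and user IDs below are illustrative placeholders.
//TSO      EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* Make sure generic (wildcard) profiles are honoured for DATASET   */
  SETROPTS GENERIC(DATASET)

  /* DB2 bootstrap data sets and active logs: nobody by default,      */
  /* every successful read or update is logged to SMF for later audit */
  ADDSD 'DB2HLQ.BSDS*.**'   UACC(NONE) OWNER(DB2ADM) AUDIT(ALL(READ))
  ADDSD 'DB2HLQ.LOGCOPY*.**' UACC(NONE) OWNER(DB2ADM) AUDIT(ALL(READ))

  /* Only the DB2 address space user ID may update them */
  PERMIT 'DB2HLQ.BSDS*.**'    CLASS(DATASET) ID(DB2MSTR) ACCESS(UPDATE)
  PERMIT 'DB2HLQ.LOGCOPY*.**' CLASS(DATASET) ID(DB2MSTR) ACCESS(UPDATE)

  /* CICS load libraries: closed by default, read-only for the region */
  ADDSD 'CICSHLQ.SDFHLOAD.**' UACC(NONE) OWNER(DB2ADM) AUDIT(FAILURES(READ))
  PERMIT 'CICSHLQ.SDFHLOAD.**' CLASS(DATASET) ID(CICSRGN) ACCESS(READ)

  /* Activate the new generic profiles in storage */
  SETROPTS GENERIC(DATASET) REFRESH
/*
```

After the job runs, a LISTDSD DATASET('DB2HLQ.BSDS*.**') ALL shows the profile, its UACC(NONE) and the access list; the AUDIT(ALL(READ)) setting on the BSDS and log profiles means that even authorized reads are recorded, which is what you want for the data sets that hold the recovery history of the subsystem.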

DB2 Version 8 introduced support for multilevel security. Multilevel security and row-level security explains what to do if multilevel security is active in your DB2 environment.

Note:
In this section, we refer to RACF as the external security manager used by CICS. Except for the explicit RACF examples, the general discussion applies equally to any functionally equivalent non-IBM® external security manager.

Figure 24 shows the security mechanisms involved in a CICS DB2 environment.

Figure 24. Overview of the CICS DB2 security mechanisms
Four security mechanisms are shown: CICS security, DB2 security, RACF (resource access control facility), and VSAM security. CICS security, in the CICS address space, authenticates users at sign-on, and checks that users are authorized to use transactions. DB2 security or RACF, in the DB2 address space, checks users' authority and privileges with respect to DB2 objects (such as plans and tables). RACF, which is optional, can be used to verify that a CICS system is allowed to connect to DB2; to authenticate a user at sign-on to CICS; to check that CICS users are authorized to use transactions; and to protect CICS and DB2 data sets and libraries from unauthorized access. VSAM security, which is optional, uses VSAM passwords to protect table spaces, VSAM catalogs, DB2 system data sets and DL/I database VSAM data sets.

Related concepts
Controlling access to DB2 resources in CICS
Providing authorization IDs to DB2 for the CICS region and for CICS transactions
Authorizing users to access resources within DB2
Multilevel security and row-level security