In 2012, I wrote about Function Usage Capabilities. That blog post reviewed user interfaces for function usage information, which includes a set of commands, APIs, and the Application Administration graphical user interface.
(more…)The blog post on Functional Usage Capabilities gives an overview of function usage IDs. Since that blog was written, two additional function usage IDs that were introduced for Db2 access control. These function usage IDs were added in the 6.1 and 7.2 releases.
(more…)A reader comment from last week’s blog asked the question:
Where can I find detailed documentation that describes exactly what each of these FUNCTION IDs controls? Does one of the available function IDs allow me to control interactive SQL usage? I have some users (new programmers, support people, etc.) where I want to prohibit the DELETE, UPDATE, CREATE operations but allow a SELECT operation.
(more…)Did you know that you can limit access to system functions by registering which users can access which functions? You can allow access or deny access via the function usage capabilities; depending on the component, you could allow one user to change some settings and allow another user to only view those settings. Many system components support the use of function usage capabilities to provide more granular access to their capabilities. Functional usage does not eliminate or replace the need for securing resources on your system; it simply provides an additional way to control what functions a user can access.
(more…)Security never sleeps. On IBM i, we understand that we must continue to invest in delivering improved security auditing, security deployment and granularity of security controls.
(more…)