September 29, 2009

Curtailing the SYSADM Privilege

For years I worked as a consultant for numerous companies. While managing databases supporting banks and health insurers, I had full access to sensitive production data. I could view financial data about my neighbors and friends. I could see personal health information about myself and others. I've also had access to my co-workers' payroll data.

Access to private information comes with the territory for DBAs. And while I've never taken advantage of this access- and I've never heard of another DBA doing so--I can see how it could happen. The openings are there, and it's easy to imagine a disgruntled employee, or someone facing a financial crisis and desperate for money, taking advantage of their access.

Having access to the data stored in DB2 tables has been inherent with the DB2 system administration SYSADM privilege. However, IBM will address this issue in the next release of DB2 (DB2 X for z/OS) by removing data access from the SYSADM privilege. This is a positive change that will help strengthen security in production environments. However, it does not address the issue of copying data to test, where everyone can see it.

And that's the point. IBM is always working to secure the systems it produces and sells, but companies still have much to do on their own. Hopefully your company already "de-identifies," or masks, sensitive data before copying it to test. But if not, there's a DB2 X for z/OS feature that you should know about. I'll cover this soon.