6.25 Restrict Access to SYSCAT.MODULEAUTH

Information

The SYSCAT.MODULEAUTH view contains all granted privileges on a module for users, groups, or roles and is read only.

Solution

Perform the following to revoke access from PUBLIC.
1. Connect to the DB2 database.
db2 => connect to $DB2DATABASE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window-
db2 => revoke select on syscat.moduleauth from public

See Also

https://workbench.cisecurity.org/files/162

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: IBM_DB2DB

Control ID: 7bd602047a38eedbdfdc8358fa7a6fa93ef338354eaceb0ba61c0870d1caf418