6.26 Restrict Access to SYSCAT.VARIABLEAUTH

Information

The SYSCAT.VARIABLEAUTH view contains the granted privileges on a global variable for users, groups, or roles and is read only.

Solution

Perform the following to revoke access from PUBLIC.
1. Connect to the DB2 database.
db2 => connect to $DB2DATABASE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window-
db2 => revoke select on syscat.variableauth from public

See Also

https://workbench.cisecurity.org/files/162

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: IBM_DB2DB

Control ID: 35b1c468dafba431441162abc5b1a42a29ad8ba66ae3df80c174b5a57f9b3e3c