6.30 Restrict Access to SYSIBMADM.OBJECTOWNERS

Information

The SYSIBMADM.OBJECTOWNERS administrative view shows the complete object ownership information for each authorization ID for USER owning a system catalog defined object from the connected database.

Solution

Perform the following to revoke access from PUBLIC.
1. Connect to the DB2 database.
db2 => connect to $DB2DATABASE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window-
db2 => revoke select on SYSIBMADM.OBJECTOWNERS from public

See Also

https://workbench.cisecurity.org/files/162

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CSCv6|5.1

Plugin: IBM_DB2DB

Control ID: e51f120696a1ab2e077dd4fa6361cd9502a79f7547eacfef7d4b9e0f594fc8de