6.9 Restrict Access to SYSCAT.PACKAGEAUTH

Information

The SYSCAT.PACKAGEAUTH view contains a list of users or groups that has EXECUTE privilege on a package. It is recommended that the PUBLIC role be restricted from accessing this view.

Solution

Perform the following to revoke access from PUBLIC.
1. Connect to the DB2 database.
db2 => connect to $DB2DATABASE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window-
db2 => REVOKE SELECT ON SYSCAT.PACKAGEAUTH FROM PUBLIC

See Also

https://workbench.cisecurity.org/files/162

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: IBM_DB2DB

Control ID: f73e98d24c843bec957de6e1cded45c070ce11d6f0e484ab82cb7966259215c8