4.2.28 Restrict Access to SYSCAT.SECURITYPOLICIES

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The SYSCAT.SECURITYPOLICIES view contains all database security policies. It is recommended that the PUBLIC role be restricted from accessing this view.

Rationale:

PUBLIC should not be able to view all the database security policies.

Solution

Perform the following to revoke access from PUBLIC.

Connect to the Db2 database.

db2 => connect to <dbname>

Run the following command:

db2 => REVOKE SELECT ON SYSCAT.SECURITYPOLICIES FROM PUBLIC

See Also

https://workbench.cisecurity.org/files/4033