4.2.15 Restrict Access to SYSCAT.INDEXAUTH

Information

The SYSCAT.INDEXAUTH view contains a list of users or groups that have CONTROL access on an index. It is recommended that the PUBLIC role be restricted from accessing this view.

Rationale:

The list of all users with access to an index should not be exposed to the public.

Solution

Revoke access from PUBLIC.

Connect to the Db2 database.

db2 => connect to <dbname>

Run the following command:

db2 => REVOKE SELECT ON SYSCAT.INDEXAUTH FROM PUBLIC

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: IBM_DB2DB

Control ID: 3f41ceed9aafc47e5e1507f2ca89a520f005695cfde07bac43adf1727ccbe4ce