Detections
Analytics

4.2.30 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS

Information

The SYSCAT.SECURITYPOLICYEXEMPTIONS view contains the exemption to a security policy that was granted to a database account. It is recommended that the PUBLIC role be restricted from accessing this view.

Rationale:

PUBLIC should not be able to view all the exemptions to the database security policies.

Solution

Perform the following to revoke access from PUBLIC.

Connect to the Db2 database.

db2 => connect to <dbname>

Run the following command:

db2 => REVOKE SELECT ON SYSCAT.SECURITYPOLICYEXEMPTIONS

 FROM PUBLIC

See Also

https://workbench.cisecurity.org/benchmarks/23492

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: IBM_DB2DB

Control ID: 3d15bc4dd6da2e9120c8a7189ce663c1884a1486cb6743cc185bd10a11c2b9e3