Upgrade To V7.2
- For IBM Support
- AND SAVE MONEY
The most compelling reason to move up to V7.2 is to stay on a supported version of IBM i OS.
As you may know V5R4 and V6R1 are not actively supported.
V7.1 support and enhancements are withdrawn April 30, 2018. You can still get support if you pay for Service Extension.
Before you conclude “I’ll just stay at V7.1 with Service Extension”, find out the cost. Once my clients understand the cost for Service Extension — and it is BIG, relative to your SWMA fee — it is clearly less expensive to upgrade beyond V7.1…HANDS DOWN.
What New Features Does V7.2 Include
Secure Your Business At The Definition Of Your Data – New Features Of DB2 For i
IBM seems to have honed in on security with this release including significant new functions in DB2 for i systems management.
With security being so important these days, IBM delivered new capabilities in 7.2 known as row and column access control (RCAC), which provides security above and beyond the object level. The new RCAC feature of DB2 for i allows system administrators to set rules on column and row access, but prevents them from seeing or updating the data. This creates a nice separation of duty; the end user can work with the data, while the engineer can only create the rules or policies.
Until V7.2, we only had all or nothing when it came to read data access, i.e. if a user had authority to read a file (table), then they had the authority to read every record (row) in that file. This is something we have all just gotten used to and it is only now, when we stop to think about IBM’s solution to this, that we realize just how exposed it has left us.
We have been raised on object-based security and we have always expected this to be the be-all and end-all of data security. If anything, it has been our applications that have restricted which subset of data we have been able to see.
This is, of course, still an excellent foundation for security and is good as far as it goes but one of the main problems is that now we all connect to our systems using “smart” workstations, most of which have a wealth of data-mining tools like ODBC built-in. This means that with just a little bit of knowledge of the DSPJOB command, you can work out which files you have open behind any application screen you might be looking at.
Incidentally, the DSPJOB command is one of the few commands that you are still permitted to use even when your user has it command-line-disabled. What is more, you can evoke it from within virtually any screen of any application.
Tip: if there is some data you want access to export, go to the program that you would normally use to view that data, then take the SysRq 3 option (usually shift + esc, then type 3 and enter). From this DSPJOB menu take option 14 to display the open files. Now you know exactly which files in which libraries to start looking in.
In short, object- based security by itself is no longer good enough and this is where Row and Column Access Control (RCAC) comes into play. What it allows you to do is decide which user or users get to see which records and fields (rows and columns) in any given file or files.
This means you can even limit the ability of your system administrators to look at data while still being able to allocate the appropriate security access to their users. So, for example, that troublesome payroll file that you have always worried about protecting from prying eyes can now be secured with ease. With RCAC even security officers could be restricted from viewing the contents of such files while still being able to perform all necessary admin functions upon them.
Need help with your upgrade to IBM i V7.2? Email me at blosey@source-data.com or call me at 714-593-0387.
Leave a Reply