Application of DB2 database in the Insurance Industry

Source: Internet
Author: User
Tags sybase database

Guidance:In recent years, with the improvement of people's living standard, many people have begun to buy insurance, which also accelerates the rapid development of the insurance industry,Insurance IndustryIt is generally oriented to the public, so the database is in a relatively important position for the insurance industry. It is precisely becauseDB2 databaseThe system has many advantages, so some insurance companies choose the DB2 database system. The Unix operating system + DB2 database is used as the background, and the foreground uses the C/S or B/S mode for operation. In addition, DB2 Information Integrator is used to integrate data stored in heterogeneous databases such as DB2, SQL server, and Oracle, so that all data appears to be integrated into one database, this greatly facilitates users' access to various types of data. This article mainly introduces the main features of DB2 database, one of the mainstream databases, and its security control methods.

At this stage, there are several relatively good types of large databases:

1. Oracle database of Oracle company;

2. IBM's DB2 database;

3. Sybase's Sybase database;

4. Informix Database (acquired by IBM );

5. Microsoft SQL Server database.

DB2 database is a product of IBM, and its prototype is IMS V1 developed by ibm on the IBM360 computer, is the first, most famous, and most typical hierarchical database management system. We will mainly discuss IBM's DB2 database system.

Database Security

Verify

One of the most basic concepts of database security is verification. This is a simple process through which the system confirms the user's identity. The user can respond to the authentication request by providing authentication or verification token.

If the user authentication is successful, DB2 records the user's identity and other related security information, such as the user group list. You must use the authorization name or authid authorized by DB2 to be recognized by DB2. The authorization name or authorization ID can be the same as the user ID or ing value. This connection information will be retained during user connection.

Authorization

Verified users will participate in the Level 2-authorization of DB2 security. Authorization is a process in which DB2 obtains information about verified DB2 users, including database operations that users can perform and data objects that users can access.

Authorization can be divided into two different categories: permissions and privileges.

1. Permissions

Permission provides a way to group privileges and control more advanced maintenance and operations on database managers and utilities. Database-related permissions are stored in the database directory. system permissions are related to group members. For a given instance, they are stored in the database manager configuration file. DB2 has four predefined permission levels: SYSADM, SYSCTRL, SYSMAINT, and DBADM. SYSADM, SYSCTRL, and SYSMAINT operate on the entire server at the instance level. Each level has its own group-based privileges and access rules. These permissions are defined in the Database Manager configuration file of each instance. The DBADM authorization level is linked to a specific database in the server instance, and the permission level is automatically granted to the user who creates the database. DBADM grants all possible component-based privileges to the database and all objects in it. By default, SYSADM has all possible group-based privileges for the entire system, including the database (SYSADM has implicit DBADM permissions ).

DB2 uses more than one vertical authorization stream. For each user request, multiple authorization checks may be required based on the involved objects and operations. Authorization is performed using the DB2 tool. The DB2 system directory records the privileges associated with each authorization name. Compare the authenticated user's authorization name, the user's group, and the recorded user's privileges. Based on the comparison results, DB2 decides whether to allow access requests.

DB2 Security Mechanism blocks the TESTING user identity because it knows that this user is not authorized to execute such a command. In this case, TESTING is obviously not SYSADM.

2. Privileges

Privilege defines a single License for the authorization name, so that users can modify or access database resources. The privileges are stored in the database directory. Although a permission group predefines a group of privileges that can be implicitly granted to group members, the permissions are independent permissions.

DB2 can use user groups maintained by operating system security functions. The group allows the database administrator to assign privileges to the group, which helps reduce the total cost of ownership of the database system.

In general, dynamic SQL and non-database object authorization (for example, instance-level commands and utilities) are applicable to group member relationships. Dynamic SQL is a non-scheduled or instantly generated SQL statement. Static SQL statements are not applicable to group members (except for PUBLIC groups ). Static SQL is known to DB2 before execution, and the DB2 optimizer has generated an SQL access plan and stored it as a data packet in the directory.

A specific user ID, a specific group (PUBLIC) that all users automatically belong to, or multiple groups can be granted (or revoked) each type of privilege.

Access Control Method

DB2 provides a framework for more powerful access control. The access control method is used to create a subset of information content, so that users can view or access only the data they need. You can use many different access control methods in DB2. Access control exists for all the operations you perform in the database. DB2 Access Control provides a framework that is very important for protecting your data in DB2 and providing row-level access to data.

Use Data Packet Access Control. A data packet is a collection of information related to one or more SQL statements. It is the basic access control point for SQL statements in DB2. The data packet contains information such as the access plan and authorization model generated by the optimizer. Any statements sent to the database engine are related to specific data packets.

When a data packet is created, it is bound to a database with specific privileges. The person who creates the data packet must have the privileges required to execute all static SQL statements in the data packet. Users who run data packets must also have the EXECUTE privilege for this data packet, but they do not have the one-to-one privilege for executing all static statements contained in the data packet.

Use view access control. View is another access control method that restricts low-level (also known as "Row-level") access to data. By using views, you can hide rows and columns of sensitive information residing in the original table from SQL statements. You can grant the view permission to allow users to access information. Because these privileges only apply to views and do not affect basic tables, the user's access scope is limited to views, which are generated by creating a subset of the data in the required tables. The with check option even provides more security because it does not allow specific SQL statements to change rows that are read without the permission in the view.

Use trigger access control. By using triggers, you can create more complex security mechanisms. When a specific event occurs, the security mechanism is activated. The INSERT statement of a table is an example event that can be used to trigger a trigger. In addition, triggers can be triggered before or after a specific event to provide a more dynamic security audit. If your statement does not pass the security review in the trigger, the errors generated from the trigger body will prevent the table from being modified.

Use USER-specific register access control. The dedicated register name provided by DB2 is USER, which contains the user id used to connect to the database in the current session. You can use the values stored in special registers in the view to customize the view for specific users. By using special registers, you can make the table-based views vary with users. You can also apply this technique to triggers and SQL statements.

Review function

DB2 audit tools allow you to maintain audit trails for events that occur within an instance. Successful Data Access Attempt monitoring and subsequent analysis can improve data access control and ultimately prevent malicious or unintentional unauthorized data access. Then, a report can be extracted from these recorded events for analysis.

Other features of the DB2 database

  DB2 V9 XML support

Compared with other database management systems, DB2 V9 has made significant innovations. In fact, DB2 9 provides XML support not only for XML data, but also for some problems that are hard to solve Using relational models. Compared with the classic relational data model, DB2 V9 supports XML.

DB2 Optimization

DB2's performance in processing the datawarehouse system should be excellent. At the same time, DB2 has done a perfect job for the optimizer. For most complex queries, it can effectively rewrite it into the optimal statement, and allocate reasonable execution plans.

DB2 limitations

DB2 has its own advantages and disadvantages. DB2 has some shortcomings in the closing mechanism. This is related to the DB2 design framework. The use of memory locks improves efficiency while also having the highest requirement on system optimization. If you are not doing enough to optimize the database itself and the application, DB2 will be prone to lock wait.

Databases in the insurance industry are relatively important. Because the DB2 database system has many advantages, some insurance companies choose the DB2 database system. The Unix operating system + DB2 database is used as the background, and the foreground uses the C/S or B/S mode for operation. In addition, DB2 Information Integrator is used to integrate data stored in heterogeneous databases such as DB2, SQL server, and Oracle, so that all data appears to be integrated into one database, this greatly facilitates users' access to various types of data.

Insurance seems to be very important in today's society. DB2 Databases play a very important role in the insurance industry, including vehicle insurance, mobile insurance, and foot insurance, this has promoted the development of the insurance industry.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.