Using a trusted context in an application can improve security by placing accountability at the middle-tier, reducing over granting of privileges, and auditing of end-user's activities.
Trusted contexts are supported for DB2 for z/OS v9.x and higher and DB2 for Common Server v9.5 and higher. PowerDesigner models trusted contexts as extended objects with a stereotype of <<TrustedContext>>.
You can modify an object's properties from its property sheet. To open a trusted context property sheet, double-click its Browser entry in the Trusted Contexts folder.
The following extended attributes are available on the DB2 tab:
|
Name |
Description |
|---|---|
|
Enable |
Specifies that the trusted context is created in the enabled state. Scripting name: Enable |
|
Authorization |
Specifies that the context is a connection that is established by the authorization ID that is specified by authorization-name. Scripting name: Authorization |
|
Default role |
Specifies the default role that is assigned to a user in a trusted connection when the user does not have a role in the trusted context. If empty, then a No Default Role is assumed. Scripting name: DefaultRole |
|
As object owner |
[DB2 for z/OS only] Specifies that the role is treated as the owner of the objects that are created using a trusted connection based on the trusted context. Scripting name: WithRoleAsObjectOwner |
|
Default security label |
[DB2 for z/OS only] Specifies the default security label for a trusted connection based on the trusted context. Scripting name: DefaultSecurityLabel |
|
Attributes |
Specifies one or more connection trust attributes that are used to define the trusted context. Scripting name: Attributes |
|
With use for |
Specifies who can use a trusted connection that is based on the trusted context. Scripting name: WithUseFor |