Securing the Security System
Overview
No matter how many features of the new security system you use, it will be undermined if access to the security control files is not, at least, as restrictive as access to the remainder of the data.
Some of the methods by which the security system can be made secure are discussed here.
SYSMAN Account
The SYSMAN account is the key to the whole security system and should be well protected.
A user should be defined as database manager and allocated unique file access keys. The SYSMAN account and all the files within it should be protected with the same keys. The SYSMAN account should also be password protected.
The SYSMAN account can be further protected by adding it to the list of inaccessible accounts in all security profiles apart from SYSMAN and by allowing the SYSMAN security profile to be allocated to a user logging on from a secure terminal only.
SYSTEM File
The SYSTEM file is the root of the filing system, and should be secured both against accidental and malicious corruption. Ideally, both retrieval and update privileges should be restricted to the database manager.
System Debugger
Anyone with access to the System Debugger can, given enough time and ingenuity, break the security. Therefore, access to this debugger should be allocated very sparingly.