DBARS Modernization Guide

DBARS enhances auditing of access to sensitive DB2 tables on z/OS. It records all SQL read and update access to tables defined with AUDIT ALL or AUDIT CHANGE, providing detailed information about each access event.

DBARS is an application that provides enhanced auditing and reporting capabilities for DB2 databases on z/OS. It is not a system or a tool set, but rather a focused application designed for security and compliance.

Organizations that require strict auditing and compliance for their DB2 databases on z/OS often use DBARS. This includes industries such as banking, finance, insurance, and government, where data security and regulatory compliance are critical.

A company should consider using DBARS when they need to enhance their DB2 auditing capabilities beyond the standard features. This is particularly relevant when dealing with sensitive data and regulatory requirements that mandate detailed access logging and reporting.

Alternatives to DBARS include CDB/Audit, SecureSphere Agent for z/OS, and SQL/AF. These products offer similar capabilities for auditing and securing DB2 environments, but may differ in their specific features, implementation, and integration options.

DBARS runs on the z/OS platform and is dependent on the DB2 subsystem. It operates within an LPAR and requires access to DB2 internal structures to capture SQL access events.

DBARS requires a z/OS environment with a DB2 subsystem. It integrates with DB2's auditing features and leverages z/OS security mechanisms for access control and data protection.

DBARS enhances the native DB2 auditing capabilities by providing more detailed information and reporting features. It extends the functionality of DB2's built-in auditing mechanisms.

DBARS captures SQL access events by monitoring DB2 activity. It records information such as the date and time of access, application server name, user IDs, program name, connection type, and SQLCODE.

DBARS helps organizations meet regulatory compliance requirements by providing detailed audit trails of DB2 access. This ensures that sensitive data is properly monitored and protected, reducing the risk of data breaches and compliance violations.

Without DBARS, organizations may lack the detailed auditing and reporting capabilities needed to effectively monitor access to sensitive DB2 data. This can lead to increased security risks, compliance issues, and difficulty in identifying and responding to unauthorized access.

DBARS provides reporting facilities that allow users to generate reports on DB2 access activity. These reports can be used for auditing, compliance, and security analysis.

DBARS supports various authentication methods used by DB2 and z/OS, including RACF, ACF2, and Top Secret. It leverages these security systems to authenticate users accessing DB2 data.

DBARS uses an access control model based on the underlying z/OS security system (RACF, ACF2, Top Secret) and DB2 privileges. It audits access based on these defined permissions.

DBARS logs all SQL read and update access to tables with AUDIT ALL or AUDIT CHANGE. This provides a comprehensive audit trail of data access events.

DBARS is typically deployed on-premise within the z/OS environment. It requires technical expertise to implement and configure, including knowledge of z/OS, DB2, and security systems.

Ongoing operational requirements for DBARS include monitoring the system for performance and errors, maintaining the configuration, and managing user access. Regular review of audit logs is also essential.

Common implementation challenges include configuring DBARS to properly integrate with the existing z/OS security systems, ensuring that the audit logs are properly stored and managed, and training staff on how to use the reporting features.