I have implemented CMOD to Bank, and there is security requirement about Database user account.
They are not allow DB2 instance owner to used by any application. They assume that CMOD is application tier
However, in my opinion CMOD is Report Repository, and ARCHIVE user is just service account
(that does not interactive with DB2 like another application style)
How can I explain, have some documents, or workaround to passed this security requirement?
This CMOD system will be migrated from CMOD Old version that installed by default options
(CMOD Instance owner is ARCHIVE that is ARCHIVE DB2 instance owner)
CMOD requires this access to manage tables, tablespaces, and tablespace containers. It's possible to turn this off, but it's not advised, as it creates problems that must be fixed with manual intervention every time.
-JD.