AWS AmazonRDS documentation change
Summary
Added documentation section about using fine-grained access control (FGAC) to control table data access via rdsadmin.fgac_command stored procedure
Security assessment
The change documents FGAC implementation for data access control, which is a security feature. While it enhances security through access control mechanisms, there's no indication this addresses a specific existing vulnerability or security incident.
Diff
diff --git a/AmazonRDS/latest/UserGuide/db2-managing-databases.md b/AmazonRDS/latest/UserGuide/db2-managing-databases.md index 4a8b365c1..561912550 100644 --- a//AmazonRDS/latest/UserGuide/db2-managing-databases.md +++ b//AmazonRDS/latest/UserGuide/db2-managing-databases.md @@ -5 +5 @@ -Creating a databaseConfiguring settings for a databaseModifying database parametersConfiguring log retentionListing log informationDeactivating a databaseActivating a databaseReactivating a databaseDropping a databaseBacking up a databaseRestoring a databaseListing databasesCollecting information about databasesForcing applications off of databasesGenerating performance reports +Creating a databaseConfiguring settings for a databaseModifying database parametersConfiguring log retentionListing log informationUsing fine-grained access control (FGAC)Deactivating a databaseActivating a databaseReactivating a databaseDropping a databaseBacking up a databaseRestoring a databaseListing databasesCollecting information about databasesForcing applications off of databasesGenerating performance reports @@ -24,0 +25,2 @@ You can also perform common management tasks such as monitoring, maintenance, an + * Using fine-grained access control (FGAC) + @@ -170,0 +173,20 @@ To list details about archive log files, including such details as total storage +## Using fine-grained access control (FGAC) + +To use fine-grained access control commands to control access to table data in a database on an RDS for Db2 DB instance, call the `rdsadmin.fgac_command` stored procedure. You might want to use FGAC to limit access to data based on user roles or data attributes. For example, you could limit access to patient health care data based on the type of data or to certain medical care providers. + +###### To use fine-grained access control to control access to table data in a database + + 1. Connect to the `rdsadmin` database using the master username and master password for your RDS for Db2 DB instance. In the following example, replace `master_username` and `master_password` with your own information. + + db2 "connect to rdsadmin user master_username using master_password" + + 2. Run various fine-grained access control commands by calling `rdsadmin.fgac_command`. For more information, see [rdsadmin.fgac_command](./db2-sp-managing-databases.html#db2-sp-fgac-command). + + db2 "call rdsadmin.fgac_command( + ?, + 'database_name', + 'fgac_command')" + + + +