Ensure that physical layer protections make your sensitive data resources readable only by rpoolsrv and the IT staff. In particular, make sure that the launch credential for your general purpose workspace server (for example, sassrv) does not have physical access to the data.

For third-party DBMS data, set up credentials in the metadata to enable the puddle account to access those servers. You can make credentials for a database server available to the puddle account by storing those credentials in a login as part of the Restricted Puddle Access Group. For example, to provide access to a DB2 server, give that group a login that includes a DB2 user ID and password and that is associated with the DB2 server's authentication domain.

Note: Some members of your IT staff will also need to be able to authenticate to the database server.
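One way to check the host-layer requirement above is the following added example, which is not part of the original documentation. It assumes a POSIX host and inspects mode bits only; the function names and the sample file names are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, owner_uid, staff_gid, launch_gids):
    """Return (path, problem) pairs for entries readable by anyone other than
    the pooled-server account (owner_uid) and the IT staff group (staff_gid).
    launch_gids: every gid the workspace server launch credential belongs to.
    Checks POSIX mode bits only; ACLs need a separate review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits do not grant access
            if st.st_uid != owner_uid:
                findings.append((path, "not owned by pooled-server account"))
            if st.st_mode & stat.S_IRWXO:
                findings.append((path, "accessible to all host users"))
            if st.st_mode & stat.S_IRWXG:
                if st.st_gid in launch_gids:
                    findings.append((path, "group includes launch credential"))
                elif st.st_gid != staff_gid:
                    findings.append((path, "group is not the IT staff group"))
    return findings

def demo():
    """Constructed sample: this process's uid/gid stand in for rpoolsrv and IT staff."""
    uid, gid = os.geteuid(), os.getegid()
    with tempfile.TemporaryDirectory() as root:
        paths = {root: 0o750,
                 os.path.join(root, "sales.sas7bdat"): 0o640,
                 os.path.join(root, "payroll.sas7bdat"): 0o644}
        for path, mode in paths.items():
            if path != root:
                open(path, "w").close()
            os.chown(path, uid, gid)
            os.chmod(path, mode)
        clean = audit_tree(root, uid, gid, launch_gids=set())
        exposed = audit_tree(root, uid, gid, launch_gids={gid})
    return [(os.path.basename(p), why) for p, why in clean], len(exposed)

if __name__ == "__main__":
    print(demo())
```

On a real host, resolve the arguments with `pwd.getpwnam("rpoolsrv").pw_uid` and `os.getgrouplist("sassrv", pwd.getpwnam("sassrv").pw_gid)`, and pass the gid of whatever group your IT staff share.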