Ensure that physical layer
protections make your sensitive data resources readable only by
rpoolsrv and the IT staff. In particular, make
sure that the launch credential for your general purpose workspace
server (for example,
sassrv) does not have physical access to the data.
For third-party DBMS data, set up credentials
in the metadata to enable the puddle account to access those servers.
You can make credentials for a database server available to the puddle
account by storing those credentials in a login as part of the
Restricted Puddle Access Group. For example,
to provide access to a DB2 server, give that group a login that includes
a DB2 user ID and password and that is associated with the DB2 server's
authentication domain.
Note: Some members of your IT staff
will also need to be able to authenticate to the database server.