Ask the Expert

DB2/400 field-level security

I'm currently running V4R5 on a model 720. I'm using Crystal Report Writer and want to apply security in DB2/400 at the field level. For instance, I want departments to have access to their own payroll data, but no one else's. Is this possible?

There are two ways to restrict user update and read requests to specific fields of a physical database file:

Create a logical view of the physical file that includes only those fields to which you want your users to have access. See "Using logical files to secure data" for more information.

Or you could use the SQL GRANT statement to grant update authority to specific columns of an SQL table. See About DB2 UDB for iSeries SQL Programming Concepts for more information.

For more information about the GRANT and REVOKE statements themselves, see About DB2 UDB for iSeries SQL reference. One major limitation of this latter method is that field level security only works for SQL type accesses, and only for *CHANGE –- not for *READ.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips


This was first published in September 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: