Q
Problem solve Get help with specific problems with your technologies, process and projects.

Run a stored procedure in AS/400 with limited profile access

ISeries security expert Carol Woodbury explains how to run a stored procedure in AS/400 while restricting the access of the profile that makes the call.

An open systems function is making a call to AS/400 to run a stored procedure. Our security group needs to ensure that the profile used to make that call cannot do anything else (i.e. cannot call a different procedure or call an RPG-based program). How can I ensure that the process is given explicit access to call only that one function and nothing else? Do I grant authority to just that one stored procedure object?
If you are using one of the exit-point vendors' solutions, you could allow this specific stored procedure to be run and deny access to all other network interface calls (such as FTP or DDM calls. You would then need to make sure that the profile could not be used for interactive sign on. To do this, you'd need to make sure the initial program was *NONE and the initial menu was *SIGNOFF. However this configuration is not perfect or foolproof. I5/OS has not provided exit points for all entrances to the system, so the profile could still be used for Web applications and socket programs, if not more. Also, the profile could still be used to submit and run batch or scheduled jobs.
This was last published in March 2008

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close