
	Home > Ask the AS/400 Experts > Questions & Answers > Prevent users from changing database files

Ask The iSeries 400 Expert: Questions & Answers

EMAIL THIS

Prevent users from changing database files

EXPERT RESPONSE FROM: Carol Woodbury

		Pose a Question

		Other iSeries 400 Categories

		Meet all iSeries 400 Experts
		Become an Expert for this site

QUESTION POSED ON: 17 February 2004
How can I limit users from changing databases file? I'm working with an 820 iSeries with V4R5.

You have a couple of options for preventing users from changing database files on your iSeries using Client Access Express or iSeries Access for Windows (as it's called in V5R2.) The most robust option is to use object level security on the database files. If users only have *USE authority to the file, they will only be able to view or read it but not update records. This authority applies to every means of accessing the file - from the command line, a submitted job, a web application, ftp, remote command or any of the Client Access functions. However, you must make sure that the users still have sufficient authority to perform their job functions. Therefore, you may need to make changes to the application - usually to adopt the profile owner's authority - so that the users can still use the application and update the files while using the application but not through any other means.

Your other option is to use an exit program and attempt to limit access to the files through configuring rules to prevent certain functions for servers that allow update -- such as the database servers and FTP. But it's not as simple as that because you must also take into consideration servers such as the remote command server that ignore the users' limited capability setting and allow them to submit commands that can update the files. Some shops have found success with this approach but understand that the task of installing and implementing exit programs is not trivial. That's why I prefer using object level security. It can take some work to adjust the application authority scheme, but then the authority applies no matter what interface is used to try to access the database file outside of the application.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

iSeries Networking - Printing, Remote Access, TCP/IP

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 1999 - 2009, TechTarget \| Read our Privacy Policy