Home > Ask the AS/400 Experts > iSeries Security Questions & Answers > Using object level security to control data access
Ask The iSeries 400 Expert: Questions & Answers
EMAIL THIS

Using object level security to control data access

Carol Woodbury EXPERT RESPONSE FROM: Carol Woodbury

Pose a Question
Other iSeries 400 Categories
Meet all iSeries 400 Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 14 August 2007
I'm a controller for a mid-size retailer. My staff write SQL queries directly from our AS400 data tables. Our MIS department says that in order for us to keep that ability, they must grant us complete command line access to the system. Our CIO and I are uncomfortable with that. What I'd like to know is:
  • Is it possible to have the ability to write SQL programs without having full access to the system? We write these using MS Query (via Excel) and Crystal Reports.
  • Is it possible to write a ODBC DSN connection file that will provide this limitation?
  • Can we limit a group of files from even being accessed? i.e.: anything with a DBPR*?

I don't like the "all or nothing" solution.


>

This is not an all-or-nothing situation. The best way to control what your staff can do is to not attempt to limit the method by which they access the files, but limit access to the files themselves by using object level security on the files.

Without *USE authority to the files, you could not write a SQL statement or a native i5/OS query statement, or download the file to Excel or FTP the file to another system. You see, there are many ways to access a file -- and more are being created every day (there are several vendors that provide SQL access without requiring access to the command line.) If you limit access through that vendor interface but allow access through sockets, http or a command line, they still have access to the data.

Your solution is to restrict access to the files by using object level security -- at either the library (shutting them out from everything in the library) or at the file itself.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
iSeries Security
Changing password security levels and upgrading operating systems on the IBM i
Determine the value of parameter UPPWEI in the DSPUSRPRF field
Define journal code value "K"
Modify content within a journal receiver file
Change password parameters on the AS/400 without deactivating user's passwords
Prevent insiders with *READ or *USE access from circumventing object authority on IBM i
Prevent insiders from obtaining user ids and passwords on the IBM i
Change the IBM i system to allow only certain types of SSL protocol versions
Authorize a specific user to select files in a separate library
Allow a user to view a library prod without granting full access to all data

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



iSeries Networking - Printing, Remote Access, TCP/IP
HomeNewsTopicsITKnowledge ExchangeTipsBlogsAsk the ExpertsMultimediaWhite PapersProducts
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 1999 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts