Risk associated with *ALLOBJ access in iSeries

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT iSeries Security Changing password security levels and upgrading operating systems on the IBM i Determine the value of parameter UPPWEI in the DSPUSRPRF field Define journal code value "K" Modify content within a journal receiver file Change password parameters on the AS/400 without deactivating user's passwords Prevent insiders with *READ or *USE access from circumventing object authority on IBM i Prevent insiders from obtaining user ids and passwords on the IBM i Change the IBM i system to allow only certain types of SSL protocol versions Authorize a specific user to select files in a separate library Allow a user to view a library prod without granting full access to all data

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Any time you give a user *ALLOBJ access, you are giving them the authority to access any object on the system, including production data. Even though they may not have access to a command line, they can still access the objects through FTP and ODBC. If you give them the ability to launch iSeries Navigator, there are numerous ways to access the data. Also, if you give them the ability to create or modify queries, they will be able to create and run a query against any database file.

Net: You should only give *ALLOBJ to very trusted users. Do not assume that there is a way to control an *ALLOBJ user, because there isn't.