Good question! While it appears that all jobs are running as QUSER when you
do a Work Active Job (WRKACTJOB), OS/400 has actually performed a "profile
swap" and is running as the user making the request. In other words, it
runs as the profile that was entered when the initial connection to the
system was made. Therefore, you can restrict individual users or groups from
accessing a particular database file. By using the Edit Object Authority
(EDTOBJAUT) command, you can give a user *EXCLUDE authority and then
they will not be able to access the database through ANY interface --
including ODBC. If you are just trying to prevent selected users from
accessing selected database files only through ODBC (but not FTP or DDM or a
command line) then you may want to consider purchasing a third-party exit
program solution. There are about 12 vendors that provide these solutions.