Manage

Allow a user to view a library prod without granting full access to all data

Implement the USE command to provide user access via the view to the library, withholding the user from OBJOPR object authority. This prevents the user from gaining access to the physical file.

Carol Woodbury, SkyView Partners

Published: 23 Apr 2009

I have a file F4211 in a library prod. This file contains a large amount of company data.

In order to implement security, I created a view F4211 in another library staging in the following way:

CREATE VIEW STAGING.F4211 AS SELECT * FROM PROD.F4211 WHERE SDKCOO='12345'

I granted access to a user for this view but the user says he is facing problems with the privilege error when he attempts to access the view.

Could you please let me know if I need to grant access to F4211 in prod library also? However, if I do that there will be a loophole, as the user will be able to access all data.

One last thing to mention is that the user does not have any privileges on prod library. I would like to fix this user's problem with the priviledge error without enabling this user to access all data.

First, to access an object in a library, the user must have authority to the library itself. Once the user has access to the library (*USE should be sufficient) they will need to have at least *READ data authority to the underlying physical file associated with the view.

As long as you do not give the user *OBJOPR object authority to the physical file, they will only be able to access the data via the view. If the user attempts to get the data from the physical file, it will fail.

Dig Deeper on iSeries system and application security

How to create Oracle Multitenant database user accounts Database administrator Brian Peasland outlines the process of creating users in an Oracle Multitenant environment and details new views in the Oracle data dictionary.

How shared Lambda functions help microservices access control Shared Lambda functions can help combat error message issues that arise when developers create custom authentication and authorization for microservices. Here's how they work.

How to copy an Oracle database Contributor Raymond Lefebvre, a database director, explains how to do one of the most common things DBAs are required to do – copy an Oracle database.

Gartner's data protection predictions Gartner's lead global storage researcher Philip Sargeant says organisations will soon find themselves buying a new class of storage management tools, as they acquire several point solutions to improve data management and focus on recovery instead of backup.

"Not a valid month" error I am trying to perform a partial export of a table. Every day, I want to export just the rows created yesterday. I am using a PL/SQL shell script and executing code in a par file. I get an error: "ORA-01843: not a valid month."

Creating a library with a *test vs. *prod parameters

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our AS/400 experts

View all AS/400 questions and answers

Allow a user to view a library prod without granting full access to all data

Implement the USE command to provide user access via the view to the library, withholding the user from OBJOPR object authority. This prevents the user from gaining access to the physical file.

Dig Deeper on iSeries system and application security

Related Q&A from Carol Woodbury

Changing password security levels and upgrading operating systems on the IBM i

Provide authorization in order for a user to start a subsystem within startup routine

Determine the value of parameter UPPWEI in the DSPUSRPRF field

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Refresh your data center cooling lexicon

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

Dig Deeper on iSeries system and application security

Related Q&A from Carol Woodbury

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.