Allow a user to view a library prod without granting full access to all data

I have a file F4211 in a library prod. This file contains a large amount of company data.

In order to implement security, I created a view F4211 in another library staging in the following way:

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

CREATE VIEW STAGING.F4211 AS SELECT * FROM PROD.F4211 WHERE SDKCOO='12345'

I granted access to a user for this view but the user says he is facing problems with the privilege error when he attempts to access the view.

Could you please let me know if I need to grant access to F4211 in prod library also? However, if I do that there will be a loophole, as the user will be able to access all data.

One last thing to mention is that the user does not have any privileges on prod library. I would like to fix this user's problem with the priviledge error without enabling this user to access all data.

First, to access an object in a library, the user must have authority to the library itself. Once the user has access to the library (*USE should be sufficient) they will need to have at least *READ data authority to the underlying physical file associated with the view.

As long as you do not give the user *OBJOPR object authority to the physical file, they will only be able to access the data via the view. If the user attempts to get the data from the physical file, it will fail.

Related Resources

Security Information Management Systems and Application Monitoring –SearchSecurity.com
Improving iPad enterprise management: Security primer –SearchSecurity.com
Solution Spotlight: Enforcing Mobile Security Through Secure Endpoint, Access ... –SearchSecurity.com
BYOD Security: How to Remotely Wipe iPhone and Android Devices –SearchSecurity.com

Dig Deeper on iSeries system and application security

All
News
Get Started
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our AS/400 experts

View all AS/400 questions and answers

IBM i security tightening: Preventing data theft

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Trouble accessing IFS path from Win2k3 server

System i security: It's people

IBM unveils SecureBlue

PowerTech acquires TriAWorks

Answers to iSeries security -- Fact or Fiction?

Learning guide: Simple steps to a secure iSeries

exit program

IBM i security tightening: Preventing data theft

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Trouble accessing IFS path from Win2k3 server

IBM i security tightening: Preventing data theft

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Trouble accessing IFS path from Win2k3 server

Please create a username to comment.

Guide to buying server performance monitoring software

How IBM's data science team quickens users' AI projects

IBM blockchain technology spotlights mainframes

Related Resources

Dig Deeper on iSeries system and application security

Related Q&A from Carol Woodbury

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.