Manage

Allow a user to view a library prod without granting full access to all data

Implement the USE command to provide user access via the view to the library, withholding the user from OBJOPR object authority. This prevents the user from gaining access to the physical file.

Carol Woodbury, SkyView Partners

Published: 23 Apr 2009

I have a file F4211 in a library prod. This file contains a large amount of company data.

In order to implement security, I created a view F4211 in another library staging in the following way:

CREATE VIEW STAGING.F4211 AS SELECT * FROM PROD.F4211 WHERE SDKCOO='12345'

I granted access to a user for this view but the user says he is facing problems with the privilege error when he attempts to access the view.

Could you please let me know if I need to grant access to F4211 in prod library also? However, if I do that there will be a loophole, as the user will be able to access all data.

One last thing to mention is that the user does not have any privileges on prod library. I would like to fix this user's problem with the priviledge error without enabling this user to access all data.

First, to access an object in a library, the user must have authority to the library itself. Once the user has access to the library (*USE should be sufficient) they will need to have at least *READ data authority to the underlying physical file associated with the view.

As long as you do not give the user *OBJOPR object authority to the physical file, they will only be able to access the data via the view. If the user attempts to get the data from the physical file, it will fail.

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our AS/400 experts

View all AS/400 questions and answers

Allow a user to view a library prod without granting full access to all data

Implement the USE command to provide user access via the view to the library, withholding the user from OBJOPR object authority. This prevents the user from gaining access to the physical file.

Dig Deeper on iSeries system and application security

How to create Oracle Multitenant database user accounts

How shared Lambda functions help microservices access control

How to copy an Oracle database

Gartner's data protection predictions

Related Q&A from Carol Woodbury

Changing password security levels and upgrading operating systems on the IBM i

Provide authorization in order for a user to start a subsystem within startup routine

Determine the value of parameter UPPWEI in the DSPUSRPRF field

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Top data center skills admins can use in 2020

Organizations try to predict the effect of 5G infrastructure

Top infrastructure and operations technology myths of 2019

Dig Deeper on iSeries system and application security

How to create Oracle Multitenant database user accounts

How shared Lambda functions help microservices access control

How to copy an Oracle database

Gartner's data protection predictions

Related Q&A from Carol Woodbury

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.