Manage

Allow a user to view a library prod without granting full access to all data

Implement the USE command to provide user access via the view to the library, withholding the user from OBJOPR object authority. This prevents the user from gaining access to the physical file.

Carol Woodbury, SkyView Partners

Published: 23 Apr 2009

I have a file F4211 in a library prod. This file contains a large amount of company data.

In order to implement security, I created a view F4211 in another library staging in the following way:

CREATE VIEW STAGING.F4211 AS SELECT * FROM PROD.F4211 WHERE SDKCOO='12345'

I granted access to a user for this view but the user says he is facing problems with the privilege error when he attempts to access the view.

Could you please let me know if I need to grant access to F4211 in prod library also? However, if I do that there will be a loophole, as the user will be able to access all data.

One last thing to mention is that the user does not have any privileges on prod library. I would like to fix this user's problem with the priviledge error without enabling this user to access all data.

First, to access an object in a library, the user must have authority to the library itself. Once the user has access to the library (*USE should be sufficient) they will need to have at least *READ data authority to the underlying physical file associated with the view.

As long as you do not give the user *OBJOPR object authority to the physical file, they will only be able to access the data via the view. If the user attempts to get the data from the physical file, it will fail.

Dig Deeper on iSeries system and application security

All
News
Get Started
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our AS/400 experts

View all AS/400 questions and answers

Allow a user to view a library prod without granting full access to all data

Implement the USE command to provide user access via the view to the library, withholding the user from OBJOPR object authority. This prevents the user from gaining access to the physical file.

Dig Deeper on iSeries system and application security

IBM i security tightening: Preventing data theft

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Blocking AS/400 DB2 users

System i security: It's people

IBM unveils SecureBlue

PowerTech acquires TriAWorks

Answers to iSeries security -- Fact or Fiction?

Learning guide: Simple steps to a secure iSeries

exit program

IBM i security tightening: Preventing data theft

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Blocking AS/400 DB2 users

IBM i security tightening: Preventing data theft

Developing a security incident response system for System i

Setting up security for programmers on IBM i

Trouble accessing IFS path from Win2k3 server

Related Q&A from Carol Woodbury

Changing password security levels and upgrading operating systems on the IBM i

Provide authorization in order for a user to start a subsystem within startup routine

Determine the value of parameter UPPWEI in the DSPUSRPRF field

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

IBM quantum computers' usefulness in sight -- using binoculars

Addendum sets ASHRAE 90.4 as energy-efficiency standard

How to realize the benefits of software-defined infrastructure

Dig Deeper on iSeries system and application security

Related Q&A from Carol Woodbury

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.