Manage Learn to apply best practices and optimize your operations.

DB2/400 field-level security

I'm currently running V4R5 on a model 720. I'm using Crystal Report Writer and want to apply security in DB2/400 at the field level. For instance, I want departments to have access to their own payroll data, but no one else's. Is this possible?

There are two ways to restrict user update and read requests to specific fields of a physical database file:

Create a logical view of the physical file that includes only those fields to which you want your users to have access. See "Using logical files to secure data" for more information.

Or you could use the SQL GRANT statement to grant update authority to specific columns of an SQL table. See About DB2 UDB for iSeries SQL Programming Concepts for more information.

For more information about the GRANT and REVOKE statements themselves, see About DB2 UDB for iSeries SQL reference. One major limitation of this latter method is that field level security only works for SQL type accesses, and only for *CHANGE –- not for *READ.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.