
Limit files for DDM access

We have a customer that uses DDM to read our files. We need to limit some files for DDM access, but they still need to be able to read that file through an application program. They also need to be able to DDM orders to us, so we can't revoke DDM completely.

If your customer has written the application or doesn't mind changing the application program, the best (most robust) solution is to set the *PUBLIC authority of the files to *EXCLUDE (protecting the files from being accessed through DDM) and change the application to adopt authority when accessing the files.

The application program owner needs to be authorized to or own the files. This way, access to the file is protected not just through DDM, but through all interfaces that might currently exist and any of the interfaces that might come up in the future. However, because the owner of the program has sufficient authority, access is still allowed through the application.

This is the preferred method over trying to protect these files via exit point software because, once again, by using object level security, you protect the file from being accessed from ALL interfaces. If you aren't familiar with adopted authority or have questions regarding it, you might check out my Security Patrol article on the subject.
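The setup described in the answer, written out as CL commands. This is an added example, not part of the original answer; the library APPLIB, file ORDERS, program ORDPGM and the profiles APPOWNER and CUSTUSR are placeholder names, and it assumes the program owner is authorized by owning the file.

```cl
/* Constructed example: APPLIB, ORDERS, ORDPGM, APPOWNER and CUSTUSR  */
/* are placeholders, not names from the original answer.              */

/* 1. Owner profile for the application. PASSWORD(*NONE) means nobody */
/*    can sign on as the profile whose authority will be adopted.     */
CRTUSRPRF USRPRF(APPOWNER) PASSWORD(*NONE) TEXT('Owner of order application')

/* 2. The program owner must own or be authorized to the file.        */
/*    Here it owns the file.                                          */
CHGOBJOWN OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) NEWOWN(APPOWNER)

/* 3. Exclude everyone else from the file. This covers DDM and every  */
/*    other interface, because the check is on the object itself.     */
GRTOBJAUT OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*EXCLUDE) REPLACE(*YES)

/* 4. Make APPOWNER the owner of the program and have the program     */
/*    adopt its owner's authority while it runs.                      */
CHGOBJOWN OBJ(APPLIB/ORDPGM) OBJTYPE(*PGM) NEWOWN(APPOWNER)
CHGPGM PGM(APPLIB/ORDPGM) USRPRF(*OWNER)

/* 5. The customer's profile needs authority to call the program,     */
/*    but none to the file.                                           */
GRTOBJAUT OBJ(APPLIB/ORDPGM) OBJTYPE(*PGM) USER(CUSTUSR) AUT(*USE)

/* 6. Verify. DSPOBJAUT should show *PUBLIC *EXCLUDE; any private     */
/*    authorities still listed on the file bypass the *PUBLIC setting */
/*    and need review. DSPPGM should show user profile *OWNER.        */
DSPOBJAUT OBJ(APPLIB/ORDERS) OBJTYPE(*FILE)
DSPPGM PGM(APPLIB/ORDPGM)
```

Files the customer still needs to reach through DDM, such as the ones used for sending orders, keep their existing authorities; only the files to be restricted get the *EXCLUDE treatment.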
