
Locking down the read-only ability within Microsoft Access

My power users want to access the production database via ODBC from Microsoft Access. I have created a new profile for each power user that has read-only access to production data. However, when they perform "link tables" from Microsoft Access -- through the ODBC connection -- it prompts them for their sign-on information. They could inadvertently enter their regular sign-on information (instead of that of the newly created one) and gain update capabilities to the production data.

Do you have any ideas about how I can lock down the read-only ability?
You have a couple of options, depending on your current security configuration. If your power users do not have *ALLOBJ and the applications use adopted authority to gain access to the application files, then you can grant a private authority for the power user profiles and explicitly *EXCLUDE them from the application files. This way, they will only be able to access the files outside of the application (through ODBC, in this case) by using their "read-only" profiles.

If these users have *ALLOBJ, your only option is to use an exit program to restrict the power users' access. However, you need to realize that this will only restrict their access via the interfaces the exit program covers – namely network access. If these users have access to a command line, they will be able to do anything they want to these files.
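The first option above, sketched in CL as an added example that is not part of the original answer. The library APPLIB, the file ORDERS and the regular profile JSMITH are hypothetical names, and the sketch assumes the application programs adopt their owner's authority.

```cl
/* Added example: exclude a power user's REGULAR profile from the     */
/* application files so that only the separate read-only profile can  */
/* reach them through ODBC. APPLIB, ORDERS and JSMITH are             */
/* hypothetical names.                                                */
PGM

  /* 1. Confirm the regular profile does not have *ALLOBJ. Check the  */
  /*    special authority line in the printed output. With *ALLOBJ    */
  /*    the *EXCLUDE below has no effect and an exit program is the   */
  /*    only option.                                                  */
  DSPUSRPRF  USRPRF(JSMITH) TYPE(*BASIC) OUTPUT(*PRINT)

  /* 2. Give the regular profile a private authority of *EXCLUDE on   */
  /*    every file in the application library. Inside the             */
  /*    application, programs that adopt authority still reach the    */
  /*    files; outside it (ODBC sign-on as JSMITH) access is denied.  */
  GRTOBJAUT  OBJ(APPLIB/*ALL) OBJTYPE(*FILE) USER(JSMITH) +
               AUT(*EXCLUDE)

  /* 3. Print the authorities on one file to verify that JSMITH is    */
  /*    listed with *EXCLUDE and that the read-only profile still     */
  /*    has the read access it was created with.                      */
  DSPOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) OUTPUT(*PRINT)

ENDPGM
```

Files created in the library later do not inherit this private authority, so the GRTOBJAUT step has to be repeated for them.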

