My power users want to access the production database via ODBC from Microsoft Access. I have created a new profile for each power user that has read-only access to production data. However, when they perform "link tables" from Microsoft Access -- through the ODBC connection -- it prompts them for their sign-on information. They could inadvertently enter their regular sign-on information (instead of that of the newly created one) and gain update capabilities to the production data. Do you have any ideas about how I can lock down the read-only ability?
You have a couple of options, depending on your current security configuration. If your power users do not have *ALLOBJ and the applications use adopted authority to gain access to the application files, then you can grant a private authority for the power user profiles and explicitly *EXCLUDE them from the application files. This way, they will only be able to access the files outside of the application (through ODBC, in this case) by using their "read-only" profiles.
If these users have *ALLOBJ, your only option is to use an exit program to restrict the power users' access. However, you need to realize that this will only restrict their access via the interfaces the exit program covers – namely network access. If these users have access to a command line, they will be able to do anything they want to these files.
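The first option described above, written out as CL. This is an added example, not part of the original answer. The library APPLIB, the file ORDERS, the regular profile JSMITH and the read-only profile JSMITHRO are hypothetical names, and it assumes the application programs adopt their owner's authority.

```cl
/* Added example. APPLIB, ORDERS, JSMITH and JSMITHRO are hypothetical.  */
PGM

  /* 1. Check the special authorities of the regular profile. If it    */
  /*    holds *ALLOBJ, the *EXCLUDE below is never reached by the       */
  /*    authority check and this approach does not apply.               */
  DSPUSRPRF  USRPRF(JSMITH) TYPE(*BASIC) OUTPUT(*PRINT)

  /* 2. Regular profile: private *EXCLUDE on every file in the          */
  /*    application library. Inside the application the user still      */
  /*    reaches the files through adopted authority; outside it (ODBC)  */
  /*    a sign-on with JSMITH is refused.                               */
  GRTOBJAUT  OBJ(APPLIB/*ALL) OBJTYPE(*FILE) USER(JSMITH) +
               AUT(*EXCLUDE)

  /* 3. Read-only profile: *USE on the library and on the files, which  */
  /*    allows reading data but no add, update or delete.               */
  GRTOBJAUT  OBJ(QSYS/APPLIB) OBJTYPE(*LIB) USER(JSMITHRO) AUT(*USE)
  GRTOBJAUT  OBJ(APPLIB/*ALL) OBJTYPE(*FILE) USER(JSMITHRO) AUT(*USE)

  /* 4. Verify on one file: JSMITH should be listed with *EXCLUDE and   */
  /*    JSMITHRO with *USE.                                             */
  DSPOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) OUTPUT(*PRINT)

ENDPGM
```

GRTOBJAUT with OBJ(APPLIB/*ALL) only touches files that exist when it runs, so files added to the library later need the same grants.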