Most of our users are using Client Access to establish sessions on our iSeries. Is there a short way to restrict access to file transfer (send, receive, transfer) using traditional iSeries securities for specific users? We are currently using AS/400 Model 720, OS V4R4M0, OpsNav V4R4M0.
Using the traditional methods of security are the best in this instance. If you restrict access to a file for a user (GRTOBJAUT) then that user ID will not be able to access that file via Data Transfer. This is the surest and most effective way to control Data Transfer.
There are other, less effective ways, also. Here's a list of them:
1. Uninstall the Data Transfer function. This can be done through Selective Setup on the PC. The downside to this one is that users can simply re-install this feature.
2. Write an exit program to restrict access to the Database Host Server (this is what iSeries Access uses). The downside to this is that there may be other applications (ODBC, OLE DB, JDBC) that also use the Database Host Server. Exit programs would also affect these applications.
3. Set up Application Administration to restrict access. The downside to this is that the user can disable remote access, which will effectively disable Application Administration. This would circumvent any security set up within Application Administration.
By far, the best course of action is to restrict access at the file level.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Monitoring your iSeries system .
Ask the Experts yourself: Our systems management gurus are waiting to answer your technical questions.