Using SRTSQL, the wrkqry cmd can be very powerful on an iSeries 400. I would like to restrict my users from the ability to change or create using the SRTSQL command. Can you provide any suggestions?
I am assuming that you want to allow your users to be able to view the data, just not change or create something new. If that's the case, users with *USE authority to the file will be able to view, but not modify the data (that requires *UPDATE authority, which is included in *CHANGE.) To add records requires *ADD authority, which is also included in *CHANGE. Using object level security within OS/400 will ensure that users can view and not update or add records from any interface, not just with SQL.
If you don't want to put object level security on the file itself, you MAY be able to accomplish your objective by writing or buying an exit program and authorizing users to only certain sub-functions of the SQL server. However, using OS/400 object level security on the file itself is the most secure method.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400 Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.