Manage Learn to apply best practices and optimize your operations.

Restricting access

We are currently restricting access across the board in our organization. We want to still allow DFU to be used in a browse mode. We don't want any one to use DFU in an edit mode. A possible exception to this might be the acting DBA. Can we stop DFU from doing anything but browse (across the board)? I am referring to programmers taking an 18 on the file object and generating a DFU as much as writing a DFU program.
If the developer has authority to update the file, they will also be able to update it through DFU. However, you may be able to do something with limiting what they can do to the file with the new exit program, QIBM_QDB_OPEN , provided in V5R3. It will get called when the database file is opened. In addition, I've heard rumors this exit may be PTF'd to V5R2.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Visit the ITKnowledge Exchange and get answers to your security questions fast.

Dig Deeper on iSeries system and application security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.