Problem solve Get help with specific problems with your technologies, process and projects.

Run a stored procedure in AS/400 with limited profile access

ISeries security expert Carol Woodbury explains how to run a stored procedure in AS/400 while restricting the access of the profile that makes the call.

An open systems function is making a call to AS/400 to run a stored procedure. Our security group needs to ensure that the profile used to make that call cannot do anything else (i.e. cannot call a different procedure or call an RPG-based program). How can I ensure that the process is given explicit access to call only that one function and nothing else? Do I grant authority to just that one stored procedure object?
If you are using one of the exit-point vendors' solutions, you could allow this specific stored procedure to be run and deny access to all other network interface calls (such as FTP or DDM calls. You would then need to make sure that the profile could not be used for interactive sign on. To do this, you'd need to make sure the initial program was *NONE and the initial menu was *SIGNOFF. However this configuration is not perfect or foolproof. I5/OS has not provided exit points for all entrances to the system, so the profile could still be used for Web applications and socket programs, if not more. Also, the profile could still be used to submit and run batch or scheduled jobs.

Dig Deeper on Systems Management Tools

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.