How do you secure files from ODBC connections? I have tried by placing IP port restrictions on the user, but ODBC appears to connect using job QZDASOINIT, which is running under user QUSER. Can any connections be made if I restrict QUSER?
Good question! While it appears that all jobs are running as QUSER when you do a Work Active Job (WRKACTJOB), OS/400 has actually performed a "profile swap" and is running as the user making the request. In other words, it runs as the profile that was entered when the initial connection to the system was made. Therefore, you can restrict individual users or groups from accessing a particular database file. By using the Edit Object Authority (EDTOBJAUT) command, you can give a user *EXCLUDE authority, and then they will not be able to access the database through ANY interface -- including ODBC. If you are just trying to prevent selected users from accessing selected database files only through ODBC (but not FTP or DDM or a command line), then you may want to consider purchasing a third-party exit program solution. There are about 12 vendors that provide these solutions.
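The *EXCLUDE approach from the answer above, written as an added example with the non-interactive Grant Object Authority (GRTOBJAUT) command instead of the EDTOBJAUT screen; it is not part of the original answer. The library APPLIB, file CUSTMAST and user JSMITH are constructed placeholder names.

```cl
/* Constructed names: library APPLIB, file CUSTMAST, user JSMITH.      */

/* Give the user a private authority of *EXCLUDE on the database file. */
/* Because the ODBC server job swaps to the connecting profile, this   */
/* authority is what gets checked for that user's requests.            */
GRTOBJAUT OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE) USER(JSMITH) AUT(*EXCLUDE)

/* Confirm the result: JSMITH should be listed with *EXCLUDE, and      */
/* *PUBLIC and any group entries can be reviewed at the same time.     */
DSPOBJAUT OBJ(APPLIB/CUSTMAST) OBJTYPE(*FILE)

/* Check the profile's special authorities. A profile that has         */
/* *ALLOBJ special authority is not stopped by *EXCLUDE on the object. */
DSPUSRPRF USRPRF(JSMITH) TYPE(*BASIC)
```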