Users with too much authority

Most of the data on our AS/400s has application-based security. Several of our users use SQL to access data, which quite effectively bypasses application-based security and instead relies on privileges granted under their profiles. Most of these applications were designed before SQL. It was common practice (not good practice) to grant users more authority than they needed and take it away with the application.

I suspect there is nothing that can be done to restrict SQL access -- that whatever access they have is whatever access they have. Is there any way to keep users from attaching to a database using SQL from a PC altogether? If so, would it apply to all users or could I apply that to a specific user?


Your system security is effectively application-authority based. It was fine before the time of SQL and PC access, but it is not sufficient anymore. There are various methods you may want to use to restrict users' access to the system. You need to have object-based security and possibly field-based security (to allow, for instance, users to know the date of birth from the employee file but not the gross wages). This is not easy, as you need to make sure access granted by the application security is still maintained. You also need to make sure that any non-interactive access, such as PC, but also batch, and so on, is still allowed to work.

Security is a vast subject, and I would recommend you read AS/400 manuals and SQL manuals to see how to implement it.

Nothing is impossible on an AS/400, but security is not the easiest thing. But yes, you can prevent users from accessing (and changing and deleting) sensitive data. Also, security being part of the OS, you cannot bypass it (or you're very good)...
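
An added illustration of the object-based and field-based approach described in the answer, not part of the original answer: standard SQL that removes public authority from an employee table and exposes the date of birth, but not the gross wages, through a view. The schema, table, column and profile names (HRLIB, EMPLOYEE, EMP_PUBLIC, CLERK1, PAYROLL_APP) are constructed, and the example assumes the application runs under its own profile.

```sql
-- Constructed stand-in for the employee file discussed above.
-- Assumes schema (library) HRLIB already exists.
CREATE TABLE HRLIB.EMPLOYEE (
    EMPNO      INTEGER       NOT NULL PRIMARY KEY,
    LASTNAME   VARCHAR(40)   NOT NULL,
    FIRSTNAME  VARCHAR(40)   NOT NULL,
    BIRTHDATE  DATE,
    GROSSWAGES DECIMAL(11,2)
);

-- 1. Object-level: stop relying on the application to take authority away.
--    Remove whatever the table grants to every profile by default.
REVOKE ALL PRIVILEGES ON TABLE HRLIB.EMPLOYEE FROM PUBLIC;

-- 2. Field-level: publish only the non-sensitive columns through a view.
--    GROSSWAGES is deliberately left out.
CREATE VIEW HRLIB.EMP_PUBLIC AS
    SELECT EMPNO, LASTNAME, FIRSTNAME, BIRTHDATE
    FROM HRLIB.EMPLOYEE;

-- 3. Ad hoc SQL users get read-only access to the view, nothing on the table.
REVOKE ALL PRIVILEGES ON TABLE HRLIB.EMP_PUBLIC FROM PUBLIC;
GRANT SELECT ON HRLIB.EMP_PUBLIC TO CLERK1;

-- 4. Keep the application (interactive and batch) working: the profile it
--    runs under (PAYROLL_APP, an assumption) keeps full data access.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON TABLE HRLIB.EMPLOYEE TO PAYROLL_APP;

-- 5. Verify while signed on as the test profile CLERK1, from the same PC
--    SQL client the users have:
--    expected to succeed
SELECT EMPNO, LASTNAME, BIRTHDATE FROM HRLIB.EMP_PUBLIC;
--    expected to fail with an authorization error (SQLSTATE 42501)
SELECT EMPNO, GROSSWAGES FROM HRLIB.EMPLOYEE;
```

Run step 5 on your own release before rolling this out, including through any non-SQL access path the users have, since how authority to the underlying table is checked behind a view should be confirmed rather than assumed.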

