How to block AS/400 users from using WinSQL

Tags:
AS/400 administration
AS/400 security
AS/400 user permissions
iSeries Access for Windows
ODBC
WinSQL
How can I block AS/400 users from modifying data using WinSQL from the PC? I already have some users that have installed iSeries Access and WinSQL on their PCs; they run WinSQL, which uses ODBC to change data using SQL sentences. *** WinSQL is a universal database management tool that can be used with any relational database to run SQL queries.

Answer Wiki


I think you should be able to modify their user ids and limit what they can do. Check into object authority, group authority.
/////////////////////////////////////////////////////////////

The data files should be limited to *public view
and your rpgle/cobol programs should use owner authority
with the “owner” having full data authority to the data.

Good luck

Phil

If you have the users using their green screen access to run the programs and then they use that same access to use the data via ODBC, there is little that can be done except to take away their update/write capability and front end their application menu with an adopted authority that gives the users via green screen the access they need. Then they would not have anything but read only access.

You will also have to front end any jobs that submit their requests to batch, as the adopt authority does not follow along, but a routing program that calls a program just to adopt a profile with the same authority as the initial call program menu will work just fine.

This can be a lot of work and testing to get this functionality working but well worth it to the company and the auditors :-)

Lovemyi
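
The scheme described in the answers above, sketched as CL commands. This is an added example, not part of the original answers; the library, file, program and profile names (APPLIB, ORDERS, ORDMENU, ORDRTR, APPOWNER) are placeholders.

```cl
/* Added example. APPOWNER, APPLIB, ORDERS, ORDMENU and ORDRTR are   */
/* placeholder names, not objects from the original thread.          */

/* 1. Owner profile that holds the data authority; nobody signs on   */
/*    with it.                                                       */
CRTUSRPRF  USRPRF(APPOWNER) PASSWORD(*NONE) INLMNU(*SIGNOFF) +
             TEXT('Owns application data and programs')

/* 2. Data file: owner has full authority, *PUBLIC can only read.    */
/*    A user connecting through ODBC runs under their own profile,   */
/*    so UPDATE/INSERT/DELETE from WinSQL fails on authority.        */
CHGOBJOWN  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) NEWOWN(APPOWNER)
GRTOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) USER(*PUBLIC) +
             AUT(*USE) REPLACE(*YES)

/* 3. Green-screen entry point adopts the owner's authority, so the  */
/*    application can still update the file for the user.            */
CHGOBJOWN  OBJ(APPLIB/ORDMENU) OBJTYPE(*PGM) NEWOWN(APPOWNER)
CHGPGM     PGM(APPLIB/ORDMENU) USRPRF(*OWNER)

/* 4. Adopted authority is not carried into a submitted job. Submit  */
/*    a routing program that adopts APPOWNER and then calls the real */
/*    batch program.                                                 */
CHGOBJOWN  OBJ(APPLIB/ORDRTR) OBJTYPE(*PGM) NEWOWN(APPOWNER)
CHGPGM     PGM(APPLIB/ORDRTR) USRPRF(*OWNER)
SBMJOB     CMD(CALL PGM(APPLIB/ORDRTR)) JOB(ORDBATCH)

/* 5. Verify: look for leftover private or group authorities on the  */
/*    file, and list every program that adopts APPOWNER.             */
DSPOBJAUT  OBJ(APPLIB/ORDERS) OBJTYPE(*FILE)
DSPPGMADP  USRPRF(APPOWNER)
```

Private authorities granted to individual users or group profiles are not changed by step 2, and a profile with *ALLOBJ special authority is not restricted by object authority at all, so review both when checking the DSPOBJAUT output.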

Discuss This Question: 5  Replies

 
  • Teandy
    You can limit or deny a user’s authority to ODBC by using an exit program. Here are a few examples to help you get started:
    http://www.google.com/search?hl=en&q=odbc+exit+programs&aq=f&oq=
    http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzaik/rzaikodbcexitprog.htm
    http://www.itjungle.com/fhg/fhg112906-story02.html
  • Rickmcd
    Using Operations/ISERIES Navigator, you can use the Application Administration to customize ODBC access. Also FTP and Excel add-ins. It is a very useful tool if you do not want to get into exit point programming.
  • DanD
    I'm not employed by NetIQ, but have spent much of the last five yrs. helping companies pass SOX and PCI audits with the product. The exit points are there, and you can exclude all ODBC or DRDA SQL access, then grant it to an individual user profile BY OBJECT, and restrict them from updating other files through remote SQL, even if they have update authority. If your iSeries is going to keep up with the client server/database world, you have to be able to allow but control SQL access to the iSeries database. A really GOOD programmer can write the exit programs to do this, but I've seen more than a few pgmrs fail to have the exit pgms ever work correctly all the time.
  • Lovemyi
    One of the best protection software packages I have seen for locking down FTP, ODBC and other external intrusions into the iSeries is a package called Network Security from POWERTECH. The product is also known as Powerlock and gives you full control over several layers of access for each process that you want to control. It is pretty easy to enroll by just monitoring the system over a month or so and then transferring the information to a lock down situation for that user. Lovemyi
  • TomLiotta
    Using Operations/ISERIES Navigator, you can use the Application Administration to customize ODBC access. Be aware that this is intended only for the iSeries Access ODBC driver. A different vendor's driver is not obligated to obey the restrictions. (Some won't even know it exists.) Tom
