Home > IT Answers > AS/400 > How to block AS/400 users from using WinSQL
Maguito
5 pts.
 How to block AS/400 users from using WinSQL
AS/400 administration, AS/400 security, AS/400 user permissions, iSeries Access for Windows, ODBC, WinSQL
How can I block AS/400 users to modify data using WinSQL from the PC? Already I have some users that have insalled into their PCs iSeries Access and WinSQL, they run WinSQL that uses an ODBC to change data using SQL sentences. *** WinSQL is universal database management tool that can be used with any relational database to run SQL queries.

Software/Hardware used:
ASKED: February 8, 2009  6:40 AM
UPDATED: November 4, 2009  2:22 AM
RELATED QUESTIONS
Answer Wiki:
I think you should be able to modify their user ids and limit what they can do. Check into object authority, group authority. ///////////////////////////////////////////////////////////// The data files should be limited to *public view and your rpgle/cobol programs should use owner authority with the "owner" having full data authroity to the data. Good luck Phil If you have the users using their green screen access to run the programs and then they use that same access to use the data vis ODBC, there is little that can be done except to take away their update/write capability and front end their application menu with an adopted authority that gives the users via green screen the access they need. Then they would not have anything but read only access. You will also have to front end any jobs that submit their requests to batch as the adopt authority does not follow along but a routing program that calls a program just to adopt a profile with the same authority as the inital call program menu will work just fine. This can be a lot of work and testing to get this functionality working but well worth it to the company and the auditors :-) Lovemyi
Last Wiki Answer Submitted:  February 10, 2009  3:42 pm  by  philpl1jb   44,180 pts.
All Answer Wiki Contributors:  philpl1jb   44,180 pts. , Kacerc   65 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 
Teandy
 5,830 pts.
 

Using Operations/ISERIES Navigator, you can use the Application Administration to customize ODBC access. Also FTP and Excel addin’s. Ity is a very useful tool if you do not want to get into exit point programming.

Rickmcd
 1,480 pts.
 

I’m not employed by NetIQ, but have spent much of the last five yrs. helping companies pass SOX and PCI audits with the product. The exit points are there, and you can exclude all ODBC or DRDA SQL access, then grant it to an individual user profile BY OBJECT, and restrict them from updating other files through remote SQL, even if they have update authority.

If your iSeries is going to keep up with the client server/database world, you have to be able to allow but control SQL access to the iSeries database.

A really GOOD programmer can write the exit programs to do this, but I’ve seen more than a few pgmrs fail to have the exit pgms ever work correctly all the time.

DanD
 2,865 pts.
 

One of the best protection software packages I have seen for locking down FTP, ODBC and other external intrusions into the iSeries is a package called Network Security from POWERTECH. The product is also known as Powerlock and gives you full control over several layers of access for each process that you want to control.

It is pretty easy to enroll by just monitoring the system over a month or so and then transferring the information to a lock down situation for that user.

Lovemyi

Lovemyi
 2,310 pts.
 

Using Operations/ISERIES Navigator, you can use the Application Administration to customize ODBC access.

Be aware that this is intended only for the iSeries Access ODBC driver. A different vendor’s driver is not obligated to obey the restrictions. (Some won’t even know it exists.)

Tom

TomLiotta
 108,055 pts.