how to prevent users from pc to use odbc

15 pts.
Tags:
AS/400 security
ODBC
Hello, how can we stop a user say from a windows to use odbc to connect to the as400 server. I am looking more for setting up a block on the as400 machine rather than on the pc itself. thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi !

You can use the exit point to validate users that are authorized to use ODBC. Sample program exist in the IBM information Center under this adress : http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaik/rzaikodbcexitprog.htm

As you will see, it is pretty easy to write variance into this example to fulfill your need’s.

Dont forget to register your exit program as mentionned on the doc.

Have fun !

__________________
DanTheMan

Options in Windows depend on your domain configuration, as when you are in Windows Server 2003 and using Group Policy you can manage all the desktops by hiding the ODBC control panel item. Check out this Tecnet article for the steps to perform this task:
<a href=”http://support.microsoft.com/kb/325852″>HOW TO: Hide Control Panel Tools in Windows Server 2003</a>

Hello,

There is also the option within Operations Navigator to whom would have access to ODBC. From iSeries Navigator, right click on the system, select Application Administration. Click on Client Applications, Click on the + beside iSeries Access for Windows, this will open up the window for the application, click on ODBC and then Customize. Within here you can set who you want to give access to ODBC on that system either by User Profile or Group Profile.

TPinky

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    The iSeries Navigator 'Application Administration' option can be a good one. It does require some understanding, especially for areas such as "ODBC". Note that System i Access 'Application Administration' function controls for "ODBC" are intended only for the System i Access ODBC driver. AFAIK, other vendor's drivers are not required to follow the guideline established by the related function restriction. The 'Application Administration' feature of System i Navigator should be viewed as an example of how the system's function usage facility can be used rather than as a true substitute for proper security controls. Tom
    125,585 pointsBadges:
    report
  • Teandy
    Do you want to stop traffice both ways? In other words, do you want to stop your users from uploading and downloading data? Here is an example of an exit program I wrote to do stop ODBC uploads. You should be able to modify it to stop downloads as well.
    
    100       **********************************************************************                                    02/15/08
        200       *  SET COMPILER OPTIONS                                                                                   02/15/08
        300       **********************************************************************                                    02/15/08
        400      HOPTION(*NODEBUGIO:*SRCSTMT)                                                                               02/15/08
        500       **********************************************************************                                    02/15/08
        600       *  PROGRAM NAME: ODBCEXITR                                                                                10/01/08
        800       *  CREATION DATE: 07/23/08                                                                                07/23/08
        900       *  PURPOSE OF PROGRAM: ODBC EXIT PROGAM TO PREVENT FILE UPDATES.                                          10/01/08
       1000       **********************************************************************                                    06/19/07
       1100       * FILES USED BY PROGRAM.                                                                                  06/19/07
       1200       **********************************************************************                                    06/19/07
       1300      FODBCEXITPFIF A E           K DISK                                                                         09/30/08
       1400       **********************************************************************                                    07/23/08
       1500       *  ENTRY PARMS.                                                                                           07/23/08
       1600       **********************************************************************                                    07/23/08
       1700      D  ENTRYPARMS     PR                  ExtPgm('ODBCEXITR2')                                                 10/02/08
       1800      D  REQUEST_STATUS...                                                                                       10/01/08
       1900      D                                1                                                                         10/01/08
       2000      D  REQUEST_STRING...                                                                                       10/01/08
       2100      D                             1024                                                                         10/10/08
       2200                                                                                                                 07/23/08
       2300      D  ENTRYPARMS     PI                                                                                       07/23/08
       2400      D  REQUEST_STATUS...                                                                                       10/01/08
       2500      D                                1                                                                         10/01/08
       2600      D  REQUEST_STRING...                                                                                       10/01/08
       2700      D                             1024                                                                         10/10/08
       2800                                                                                                                 07/23/08
       2900       **********************************************************************                                    07/23/08
       3000       *  FIELD DEFINITIONS.                                                                                     07/23/08
       3100       **********************************************************************                                    07/23/08
       3200      D  USER_PROFILE   S             10    INZ(*BLANKS)                                                         10/02/08
       3300      D  SERVER_ID      S             10    INZ(*BLANKS)                                                         10/02/08
       3400      D  FORMAT_NAME    S              8    INZ(*BLANKS)                                                         10/02/08
       3500      D  FUNCTION       S              4    INZ(*BLANKS)                                                         10/02/08
       3600      D  CODETYPE       S              4    INZ(*BLANKS)                                                         10/07/08
       3700      D  FILE_CHANGE    S              6    INZ(*BLANKS)                                                         10/10/08
       5900       **********************************************************************                                    10/02/08
       6000       *  DATA STRUCTURE FOR REQUEST STRING                                                                      10/02/08
       6100       **********************************************************************                                    10/02/08
       6200      D                 DS                  INZ                                                                  10/02/08
       6300      D REQUEST                 1    364                                                                         10/10/08
       6400      D  USER                   1     10                                                                         10/02/08
       6500      D  SRVID                 11     20                                                                         10/02/08
       6600      D  FORMAT                21     28                                                                         10/02/08
       6700      D  FUNC                  29     32                                                                         10/02/08
       6800      D  FILNAME               33    161                                                                         10/10/08
       6900      D  LIBNAME              162    171                                                                         10/10/08
       7000      D  MEMBERNAME           172    181                                                                         10/10/08
       7100      D  AUTHORITY            182    191                                                                         10/10/08
       7200      D  Based_on_file_name...                                                                                   10/10/08
       7300      D                       192    319                                                                         10/10/08
       7400      D  Based_on_library_name...                                                                                10/10/08
       7500      D                       320    329                                                                         10/10/08
       7600      D  Override_file_name...                                                                                   10/10/08
       7700      D                       330    339                                                                         10/10/08
       7800      D  Override_library_name...                                                                                10/10/08
       7900      D                       340    349                                                                         10/10/08
       8000      D  Override_member_name...                                                                                 10/10/08
       8100      D                       350    364                                                                         10/10/08
       8200                                                                                                                 10/02/08
       8300        // ******************************************************************                                    06/19/07
       8400        // *  START FREE FORM CALCS.                                                                             06/19/07
       8500        // ******************************************************************                                    06/19/07
       8600                                                                                                                 06/19/07
       8700       /FREE                                                                                                     06/19/07
       8800                                                                                                                 06/19/07
       8900                                                                                                                 07/23/08
       9000        // ******************************************************************                                    07/23/08
       9100        // * WRITE REQUEST TO FILE.                                                                              10/01/08
       9200        // ******************************************************************                                    07/23/08
       9300                                                                                                                 07/23/08
       9400         REQUEST_STATUS = '1';                                                                                   10/02/08
       9500                                                                                                                 10/02/08
       9600         ODBSTATUS = REQUEST_STATUS;                                                                             10/01/08
       9700         ODBREQUEST = REQUEST_STRING;                                                                            10/01/08
       9800         REQUEST = REQUEST_STRING;                                                                               10/02/08
       9900         ODBUSER = USER;                                                                                         10/02/08
      10000         ODBSRVID = SRVID;                                                                                       10/02/08
      10100         ODBFORMAT= FORMAT;                                                                                      10/02/08
      10200         ODBFUNC = FUNC;                                                                                         10/02/08
    
      10700        // ******************************************************************                                    10/07/09
      10800        // * IF THE REQUEST IS FROM ANYONE EXCEPT FAST FAX OR B&L'S MPC.                                         10/07/09
      10900        // ******************************************************************                                    10/07/09
      11000                                                                                                                 10/07/09
      11100         IF ODBUSER <> 'FFXSYS' AND                                                                              10/07/09
      11200            ODBUSER <> 'MPC';                                                                                    10/07/09
      12300                                                                                                                 10/10/08
      12400        // ******************************************************************                                    10/07/09
      12500        // * CHECK THE REQUEST STATUS.                                                                           10/07/09
      12600        // * IF THIS IS AN UPDATE OR INSERT (ADD A RECORD) REQUEST, CHANGE                                       10/07/09
      12700        // * THE STATUS TO 0. THIS WILL DENY THE REQUEST.                                                        10/07/09
      12800        // *                                                                                                     10/07/09
      12900        // * WHEN THE ODBC DRIVER SEES THAT THE REQUEST IS DENIED, IT WILL                                       10/07/09
      13000        // * KILL THE JOB.                                                                                       10/07/09
      13100        // ******************************************************************                                    10/07/09
      13200                                                                                                                 10/07/09
      13300           FILE_CHANGE = %SUBST(ODBREQUEST : 240 : 6);                                                           10/10/08
      13400                                                                                                                 10/10/08
      13500           IF FILE_CHANGE = 'UPDATE' OR                                                                          10/10/08
      13600              FILE_CHANGE = 'INSERT';                                                                            10/10/08
      13700                                                                                                                 10/10/08
      13800              REQUEST_STATUS = '0';                                                                              10/10/08
      13900                                                                                                                 10/10/08
      14000           ENDIF;                                                                                                10/10/08
      14100                                                                                                                 10/10/08
      14200                                                                                                                 10/10/08
      34500                                                                                                                 07/23/08
      34600         *INLR = *ON;                                                                                            07/23/08
      34700         RETURN;                                                                                                 07/23/08
      34800                                                                                                                 07/23/08
      34900       /END-FREE                                                                                                 06/19/07
      35000                                                                                                                 06/19/07
    
    
    5,860 pointsBadges:
    report
  • Teandy
    Check out this thread: <a href="http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161" title="http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161" target="_blank">http://itknowledgeexchange.techtarget.co…</a> I’ve tried three different times to post the code of an exit program I have that does this and all three times the post has failed to come through. Let me know if you want it and I will email it to you.
    5,860 pointsBadges:
    report
  • WoodEngineer
    We had exactly the same situation where we wanted to block all users from using ODBC to retrieve data from payroll files. We tried blocking functions via iNav but were not happy with the results. We settled on protecting our data by simply using good ol' iSeries object authority on the payroll library. The group profile feature simplified the task and works very well.
    6,540 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following