how to prevent users from pc to use odbc
Hello, how can we stop a user say from a windows to use odbc to connect to the as400 server. I am looking more for setting up a block on the as400 machine rather than on the pc itself.
thanks
Software/Hardware used:
Software/Hardware used:
ASKED:
April 6, 2008 3:37 AM
UPDATED:
November 4, 2009 7:38 PM
Answer Wiki:
Hi !
You can use the exit point to validate users that are authorized to use ODBC. Sample program exist in the IBM information Center under this adress : http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaik/rzaikodbcexitprog.htm
As you will see, it is pretty easy to write variance into this example to fulfill your need's.
Dont forget to register your exit program as mentionned on the doc.
Have fun !
__________________
DanTheMan
Options in Windows depend on your domain configuration, as when you are in Windows Server 2003 and using Group Policy you can manage all the desktops by hiding the ODBC control panel item. Check out this Tecnet article for the steps to perform this task:
<a href="http://support.microsoft.com/kb/325852">HOW TO: Hide Control Panel Tools in Windows Server 2003</a>
Hello,
There is also the option within Operations Navigator to whom would have access to ODBC. From iSeries Navigator, right click on the system, select Application Administration. Click on Client Applications, Click on the + beside iSeries Access for Windows, this will open up the window for the application, click on ODBC and then Customize. Within here you can set who you want to give access to ODBC on that system either by User Profile or Group Profile.
TPinky
To see all answers submitted to the Answer Wiki: View Answer History.
The iSeries Navigator ‘Application Administration’ option can be a good one. It does require some understanding, especially for areas such as “ODBC”.
Note that System i Access ‘Application Administration’ function controls for “ODBC” are intended only for the System i Access ODBC driver. AFAIK, other vendor’s drivers are not required to follow the guideline established by the related function restriction. The ‘Application Administration’ feature of System i Navigator should be viewed as an example of how the system’s function usage facility can be used rather than as a true substitute for proper security controls.
Tom
Do you want to stop traffice both ways? In other words, do you want to stop your users from uploading and downloading data?
Here is an example of an exit program I wrote to do stop ODBC uploads. You should be able to modify it to stop downloads as well.
100 ********************************************************************** 02/15/08 200 * SET COMPILER OPTIONS 02/15/08 300 ********************************************************************** 02/15/08 400 HOPTION(*NODEBUGIO:*SRCSTMT) 02/15/08 500 ********************************************************************** 02/15/08 600 * PROGRAM NAME: ODBCEXITR 10/01/08 800 * CREATION DATE: 07/23/08 07/23/08 900 * PURPOSE OF PROGRAM: ODBC EXIT PROGAM TO PREVENT FILE UPDATES. 10/01/08 1000 ********************************************************************** 06/19/07 1100 * FILES USED BY PROGRAM. 06/19/07 1200 ********************************************************************** 06/19/07 1300 FODBCEXITPFIF A E K DISK 09/30/08 1400 ********************************************************************** 07/23/08 1500 * ENTRY PARMS. 07/23/08 1600 ********************************************************************** 07/23/08 1700 D ENTRYPARMS PR ExtPgm('ODBCEXITR2') 10/02/08 1800 D REQUEST_STATUS... 10/01/08 1900 D 1 10/01/08 2000 D REQUEST_STRING... 10/01/08 2100 D 1024 10/10/08 2200 07/23/08 2300 D ENTRYPARMS PI 07/23/08 2400 D REQUEST_STATUS... 10/01/08 2500 D 1 10/01/08 2600 D REQUEST_STRING... 10/01/08 2700 D 1024 10/10/08 2800 07/23/08 2900 ********************************************************************** 07/23/08 3000 * FIELD DEFINITIONS. 07/23/08 3100 ********************************************************************** 07/23/08 3200 D USER_PROFILE S 10 INZ(*BLANKS) 10/02/08 3300 D SERVER_ID S 10 INZ(*BLANKS) 10/02/08 3400 D FORMAT_NAME S 8 INZ(*BLANKS) 10/02/08 3500 D FUNCTION S 4 INZ(*BLANKS) 10/02/08 3600 D CODETYPE S 4 INZ(*BLANKS) 10/07/08 3700 D FILE_CHANGE S 6 INZ(*BLANKS) 10/10/08 5900 ********************************************************************** 10/02/08 6000 * DATA STRUCTURE FOR REQUEST STRING 10/02/08 6100 ********************************************************************** 10/02/08 6200 D DS INZ 10/02/08 6300 D REQUEST 1 364 10/10/08 6400 D USER 1 10 10/02/08 6500 D SRVID 11 20 10/02/08 6600 D FORMAT 21 28 10/02/08 6700 D FUNC 29 32 10/02/08 6800 D FILNAME 33 161 10/10/08 6900 D LIBNAME 162 171 10/10/08 7000 D MEMBERNAME 172 181 10/10/08 7100 D AUTHORITY 182 191 10/10/08 7200 D Based_on_file_name... 10/10/08 7300 D 192 319 10/10/08 7400 D Based_on_library_name... 10/10/08 7500 D 320 329 10/10/08 7600 D Override_file_name... 10/10/08 7700 D 330 339 10/10/08 7800 D Override_library_name... 10/10/08 7900 D 340 349 10/10/08 8000 D Override_member_name... 10/10/08 8100 D 350 364 10/10/08 8200 10/02/08 8300 // ****************************************************************** 06/19/07 8400 // * START FREE FORM CALCS. 06/19/07 8500 // ****************************************************************** 06/19/07 8600 06/19/07 8700 /FREE 06/19/07 8800 06/19/07 8900 07/23/08 9000 // ****************************************************************** 07/23/08 9100 // * WRITE REQUEST TO FILE. 10/01/08 9200 // ****************************************************************** 07/23/08 9300 07/23/08 9400 REQUEST_STATUS = '1'; 10/02/08 9500 10/02/08 9600 ODBSTATUS = REQUEST_STATUS; 10/01/08 9700 ODBREQUEST = REQUEST_STRING; 10/01/08 9800 REQUEST = REQUEST_STRING; 10/02/08 9900 ODBUSER = USER; 10/02/08 10000 ODBSRVID = SRVID; 10/02/08 10100 ODBFORMAT= FORMAT; 10/02/08 10200 ODBFUNC = FUNC; 10/02/08 10700 // ****************************************************************** 10/07/09 10800 // * IF THE REQUEST IS FROM ANYONE EXCEPT FAST FAX OR B&L'S MPC. 10/07/09 10900 // ****************************************************************** 10/07/09 11000 10/07/09 11100 IF ODBUSER <> 'FFXSYS' AND 10/07/09 11200 ODBUSER <> 'MPC'; 10/07/09 12300 10/10/08 12400 // ****************************************************************** 10/07/09 12500 // * CHECK THE REQUEST STATUS. 10/07/09 12600 // * IF THIS IS AN UPDATE OR INSERT (ADD A RECORD) REQUEST, CHANGE 10/07/09 12700 // * THE STATUS TO 0. THIS WILL DENY THE REQUEST. 10/07/09 12800 // * 10/07/09 12900 // * WHEN THE ODBC DRIVER SEES THAT THE REQUEST IS DENIED, IT WILL 10/07/09 13000 // * KILL THE JOB. 10/07/09 13100 // ****************************************************************** 10/07/09 13200 10/07/09 13300 FILE_CHANGE = %SUBST(ODBREQUEST : 240 : 6); 10/10/08 13400 10/10/08 13500 IF FILE_CHANGE = 'UPDATE' OR 10/10/08 13600 FILE_CHANGE = 'INSERT'; 10/10/08 13700 10/10/08 13800 REQUEST_STATUS = '0'; 10/10/08 13900 10/10/08 14000 ENDIF; 10/10/08 14100 10/10/08 14200 10/10/08 34500 07/23/08 34600 *INLR = *ON; 07/23/08 34700 RETURN; 07/23/08 34800 07/23/08 34900 /END-FREE 06/19/07 35000 06/19/07Check out this thread:
<a href=”http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161″ title=”http://itknowledgeexchange.techtarget.com/itanswers/block-winsql/?asrc=EM_UGT_9808457&uid=11161″ target=”_blank”>http://itknowledgeexchange.techtarget.co…</a>
I’ve tried three different times to post the code of an exit program I have that does this and all three times the post has failed to come through. Let me know if you want it and I will email it to you.
We had exactly the same situation where we wanted to block all users from using ODBC to retrieve data from payroll files. We tried blocking functions via iNav but were not happy with the results.
We settled on protecting our data by simply using good ol’ iSeries object authority on the payroll library. The group profile feature simplified the task and works very well.