security for iSeries client access data transfer
I like to know how we can block user from using client access data transfer?
Software/Hardware used:
Software/Hardware used:
ASKED:
September 20, 2007 8:49 PM
UPDATED:
February 3, 2010 4:26 PM
Answer Wiki:
As part of the Client Access install on the pc you can take the option to customize, and in there you can select or not select the data transfer option.
Ted
A really good article written by Ron Turull explains how to use the registration facility on the iSeries to limit data transfer requests. You can totally block a user or limit them to download to a PC but not upload to the iSeries. It is in two parts and the URLs are listed below.
Part 1.
http://search400.techtarget.com/tip/1,289483,sid3_gci995296,00.html
Part 2.
http://search400.techtarget.com/tip/0,289483,sid3_gci1000656,00.html
To see all answers submitted to the Answer Wiki: View Answer History.
You remove CWBTF.EXE from your computer. If your application would like to use PC Support, you can use rtopcb.exe from dos command.
Bee
Restrict the user from the data file in the first place using the built-in AS/400 security (EDTOBJAUT command).
I cannot control from the PC configuration. I cannot control at the file level either. I need to control strictly on the user ID level. If the user logon with a specific ID, the file transfer function cannot be run either within client access or Excel.
If the user logon with a specific ID, the file transfer function cannot be run either within client access or Excel.
But it’s okay if they use ODBC or FTP or Windows networking. Essentially any client access user can execute RMTCMD from a DOS prompt to copy any file they have authority to to anywhere they have authority to, without using file transfer.
But your best bet is to use Application Administration in iSeries Navigator.
Right-click your connection to select it. Take the Client Applications tab and expand Data Transfer under iSeries Access for Windows.
If you have the authority to make such associations, you can restrict any or all users from using file transfer uploads and/or downloads.
Be aware that this only affects iSeries Access functions. Only applications that query the functions facility will honor it. However, there is no good alternative except significant programming effort (on-going) or 3rd-party products. And only a few users will ever find the various ways around it.
Proper object authority, of course, would make it all mostly unnecessary.
Tom
We had a very similar issue. One of the security experts at IBM recommended controlling this by setting the proper file authority instead of trying to restrict Client Access, Excel, etc.