5 pts.
 security for iSeries client access data transfer
I like to know how we can block user from using client access data transfer?

Software/Hardware used:
ASKED: September 20, 2007  8:49 PM
UPDATED: February 3, 2010  4:26 PM

Answer Wiki:
As part of the Client Access install on the pc you can take the option to customize, and in there you can select or not select the data transfer option. Ted A really good article written by Ron Turull explains how to use the registration facility on the iSeries to limit data transfer requests. You can totally block a user or limit them to download to a PC but not upload to the iSeries. It is in two parts and the URLs are listed below. Part 1. http://search400.techtarget.com/tip/1,289483,sid3_gci995296,00.html Part 2. http://search400.techtarget.com/tip/0,289483,sid3_gci1000656,00.html
Last Wiki Answer Submitted:  October 12, 2007  12:30 pm  by  Tbunn517   15 pts.
All Answer Wiki Contributors:  Tbunn517   15 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


 

You remove CWBTF.EXE from your computer. If your application would like to use PC Support, you can use rtopcb.exe from dos command.

Bee

 0 pts.

 

Restrict the user from the data file in the first place using the built-in AS/400 security (EDTOBJAUT command).

 1,410 pts.

 

I cannot control from the PC configuration. I cannot control at the file level either. I need to control strictly on the user ID level. If the user logon with a specific ID, the file transfer function cannot be run either within client access or Excel.

 5 pts.

 

If the user logon with a specific ID, the file transfer function cannot be run either within client access or Excel.

But it’s okay if they use ODBC or FTP or Windows networking. Essentially any client access user can execute RMTCMD from a DOS prompt to copy any file they have authority to to anywhere they have authority to, without using file transfer.

But your best bet is to use Application Administration in iSeries Navigator.

Right-click your connection to select it. Take the Client Applications tab and expand Data Transfer under iSeries Access for Windows.

If you have the authority to make such associations, you can restrict any or all users from using file transfer uploads and/or downloads.

Be aware that this only affects iSeries Access functions. Only applications that query the functions facility will honor it. However, there is no good alternative except significant programming effort (on-going) or 3rd-party products. And only a few users will ever find the various ways around it.

Proper object authority, of course, would make it all mostly unnecessary.

Tom

 107,765 pts.

 

We had a very similar issue. One of the security experts at IBM recommended controlling this by setting the proper file authority instead of trying to restrict Client Access, Excel, etc.

 5,525 pts.