Blocking certain fields from being downloaded using Client Access

Application development
Hi, By using WRKQRY, we can select the files and create output files. My problem is how do I block certain users from downloading certain sensitive fields like Price in the output file. Thanks..

Answer Wiki

Thanks. We'll let you know when a new response is added.

Create a logical file without the fields and have the users access this file only.


You probably can’t.

Your users currently have access to two capabilities — uncontrolled access to any file in the applications and downloading. You probably have a current business environment where downloads have become an integrated part of normal procedures; normal work requires them. And you have an application environment that provides insufficient controls for anything outside of the application structure; queries supply access that the application isn’t aware of.

If you start locking down files, your application will start failing. If you block downloads, processes that incorporate Windows functions will probably be stopped cold.

And you aren’t yet willing to go to the expense of re-architecting your application security. It won’t be simple because a lot of procedures will have to change. Many of them are ones you probably aren’t aware of.

The troubling part is that it can be done, and it can be done in ways that would make everything work better than it does now.

If you’re really serious, the first controls <b>must</b> be placed on the PCs. You need to understand that even if you totally blocked FTP, iSeries Access file transfers, ODBC, Windows networking shares and all other common forms of downloading, then simple queries that go only to lists on a terminal emulation screen are enough to transfer your price lists to a USB thumb-drive. (Windows can “print” to files. Emulator screens can be “printed” to a Windows printer. Macros can automatically page through screens and every screen can be “printed” to a file on a thumb-drive. A user doesn’t even have to remain at the workstation; macros can do it automatically.)

If you don’t control the PCs, then there is no control as long as any information reaches the PCs. Wherever the information can flow, that’s another route of control.

Getting the idea? This isn’t a trivial task if you’re serious.

So, start by deciding how serious you are. Get a clear picture of exactly what you need to control. Not what you want to control, but what you need. Organize it.

Then write it into a security policy. Tell employees what is to be protected and what the consequences of not doing so are.

Having a written and public security policy that is enforced is going to be your best form of security.

While it’s being created, you’ll have an opportunity to review existing procedures around your assets. You might find ones that are unnecessary and others that shouldn’t be done. You might realize that some need to be done but aren’t.

When you’re finished, you’ll have a blueprint. That’s what you need in order to automate any of it. It will give you a basis for asking clear and direct questions. And you’ll know when answers are appropriate.

Good luck.


Discuss This Question:  

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: