How to Determine Database Access on AS/400

DaCurryman

5 pts.

Tags:

AS/400 database

AS/400 Permissions

DB2/400

IBM DB2

iSeries database

JD Edwards (JDE)

I have a client running JDEdwards on an AS/400. How can I determine which of the users have direct access to modify the DB2 database (access to DB without going through the JDE application)? Is there a particular security profile they must have? Thanks in advance.

Asked: March 5, 2009 3:36 PM Last updated: March 8, 2009 4:21 AM

Answer Wiki

Last updated: March 5, 2009 4:59 PM GMT

Gilly40023,730 pts.
History
Contributors
- Ordered by most recent
- Gilly40023,730 pts.
- philpl1jb54,090 pts.

Thanks. We'll let you know when a new response is added.

It’s the object security that’s important

DSPOBJAUT mylib/myfile
Individuals/Groups/*PUBLIC may be granted use/change and when you press F11 it steps through more details
ie: read/change/delete exist (they could delete the actual file) alteer to change the file structure etc.

Phil

Hi,

You should also check the settings on the user profiles. If the user profile has LMTCPB(*YES) this means they can’t run commands from the command line. If the user’s are restricted to using your application menus, then you shouldn’t have any problems.

Regards,

Martin Gilbert.

//////////////////////////////
Martin is right, that would stop most Green screen changes.
However, I don’t think that excludes the users from using the data with Excel/Access/Navigator SQL .. etc.
and using may include changing.
Phil

Discuss This Question: 1 Reply

graybeard52 Mar 8, 2009 4:21 AM GMT

That is correct - LMTCPB only applies to green screen. However, checking the user profiles is a good idea. Look for users who might have *ALLOBJ access. They can access virtually any object anywhere on the system, even if they are not listed on the object authority for the library or file.

3,115 pointsBadges:

report