SQL/400: Access to only SELECT statement

Tags:
iSeries
SQL
SQL statements
SQL/400
I need to provide access to only SQL Select command in iSeries to user, is there a way to do it? User should be able to take F4 in the interactive SQL session.
More specifically I will be providing a menu option to user like SQL SELECT, once user select it he should be directed to SQL interactive session directly.


Software/Hardware used:
iSeries SQL

Answer Wiki

Thanks. We'll let you know when a new response is added.

You may try something like we have here. Granted you have to know your files well. We have a .NET app that lets them enter a SQL statement and click a check box for any of the 4 I-series machines to run it on. And a run button. IT returns a datagrid displaying the data. You can then copy and paste into Excel. Because the text box with the SQL command is filled in by the user you could always make the SELECT a hardcoded parameter. It also returns errors if the sting is bad as well as others.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • ToddN2000
    How is the user entering the code? If it's embedded in a program I don't think there is a way or if they are doing a STRSQL and entering the code I don't think you can restrict it here either. I think it's an all or nothing. You may be better off telling them to use the commands CRTQMQRY/WRKQMQRY for selecting data similar to qry.
    104,075 pointsBadges:
    report
  • jayakrishnanpadinhareveedu
    Todd Thanks for the reply.

    We have erp application running in iSeries, The support team have a custom menu in which we have provided options like DSPPFM, RUNQRY, WRKJOB etc. There is no data base update related options. I need to provide one more menu option like SQL Select, once support person select this option iSeries should display "Specify SELECT Statement" (as if selected option 30 from Select SQL statement) interactive session and user should be able to selection details here and run the statement
    15 pointsBadges:
    report
  • TheRealRaven
    In general, no user should ever be given authority to the STRSQL command. You can't control what they do with it. Instead, you should let them run STRQM where you can choose what statements any user might run.

    Beyond that, though, it actually shouldn't matter if users run any statement they desire in STRSQL. The problem isn't that they might run INSERT/UPDATE/DELETE/DROP/whatever; the problem is that the users have far more authority to database objects than is needed. It doesn't matter if they enter a DELETE statement that deletes all rows from, say, a ProductMaster table if they haven't been granted authority to delete rows from that table -- they'll only see an authority error message.

    But if authorities have never been set on the system in a reasonable way and SELECT statements seem needed, then STRQM is the way to go. A user with high enough authority would first use STRQM, option 10, to limit what any authorized user can do.
    25,055 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: