Field Level Security -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

I'm trying to understand why is isn't possible in DB2/400 to use field level 
security to prevent ALL access to a column (field) in a *FILE using field level 
security.

It looks like the only Data Security attribute that can be restricted at the 
field level is UPDATE... as in:

        REVOKE UPDATE(oaddat, oadtim) ON KENNETH/CVTOBJAUT FROM PUBLIC

Does anyone know the "technical" reason for not being able to do this:

        REVOKE READ(oaddat, oadtim) ON KENNETH/CVTOBJAUT FROM PUBLIC

                                        or

        REVOKE ALL(oaddat, oadtim) ON KENNETH/CVTOBJAUT FROM PUBLIC

Note: oaddat and oadtim are fields within the table CVTOBJAUT.

I know field access can be restricted through the use of views, but I'm trying 
to restrict access to certain fields when someone uses an ADHOC file editor 
against a physical file.


Is this just a restriction for DB2/400 or do other DB products (MS SQL, Oracle) 
have the same restriction?

Kenneth

****************************************
Kenneth E. Graap
IBM Certified Specialist 
AS/400e Professional System Administrator
NW Natural (Gas Services)
keg@xxxxxxxxxxxxx
Phone: 503-226-4211 x5537
FAX:    603-849-0591
****************************************

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.