Actually, the iSeries has had column level security since day 1.  Back in 
the days of OS/400 you would set up security on the PF so that no user 
could access it directly.  Then the LF's would only select certain 
Now, with i5/OS, you can use direct column level security.

The problem is with people who try to access the PF directly with RPG F 
specs, or try to select more fields than the bare minimum they need with 
SQL and then they get blocked out.

Olden days of OS/400 method:
  EMP#          15A 
  NAME          30A 
  WAGE          15P 5

EDTOBJAUT so that joePf looks like:
User        Group       Authority
*PUBLIC                 USER DEF 
Opr  Mgt  Exist  Alter  Ref

Read  Add  Update  Delete  Execute
 X     X     X       X        X 

and this logical
Would have the default security.

upddta rob/joePf
DFU-0065-Not authorized to perform operation on file JOEPF.  

upddta rob/joeLf
Works great.

Row level security might be able to be completed with read triggers.  But 
I forget if read triggers were only after the fact.  (AFTER read and not 
BEFORE read).

Rob Berendt

Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2015 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact