Actually, the iSeries has had column level security since day 1. Back in
the days of OS/400 you would set up security on the PF so that no user
could access it directly. Then the LF's would only select certain
columns.
Now, with i5/OS, you can use direct column level security.
The problem is with people who try to access the PF directly with RPG F
specs, or try to select more fields than the bare minimum they need with
SQL and then they get blocked out.
Olden days of OS/400 method:
R JOEPFR
EMP# 15A
NAME 30A
WAGE 15P 5
EDTOBJAUT so that joePf looks like:
Object
User Group Authority
*PUBLIC USER DEF
----------Object-----------
Opr Mgt Exist Alter Ref
X
---------------Data---------------
Read Add Update Delete Execute
X X X X X
and this logical
R JOELFR PFILE(JOEPF)
EMP#
NAME
Would have the default security.
upddta rob/joePf
DFU-0065-Not authorized to perform operation on file JOEPF.
upddta rob/joeLf
Works great.
Row level security might be able to be completed with read triggers. But
I forget if read triggers were only after the fact. (AFTER read and not
BEFORE read).
Rob Berendt
