On 1/28/2014 5:20 PM, Evan Harris wrote:
I'm a bit surprised that you would have the same security requirements on
the staging tables as a production table.
It seems to me that tables that are part of an application should be
governed by the application security model, and I normally work from having
PUBLIC *EXCLUDE, or *PUBLIC *READ as my preferred model - all other access
being via the application interfaces.
In my experience, staging tables often require lower levels of security -
for example having a specific user having *MANAGE rights, or even the
ability to create a table in the IFS or in a library, so my preference is
to have this "cordoned off" in a separate library.
Or maybe I'm just misunderstanding the usage of the term staging tables in
I was thinking of a staging table as an import; say a vendor is
exchanging customer information with you. They send a file with name,
address, birth date and mailing preferences and you write a program that
matches the incoming data to your own customers so you can update the
customer master file.
If your company considers customer name and address to be proprietary
enough that you want to secure it in the customer master file (say via
*EXCLUDE and adopted authority) then the incoming 'work' table should be
subject to the same security requirements. It might not have your
customer ID number on it, but it's still customer name and address
information that's in the incoming work file...
I can't imagine staging tables with the same layout as production
tables. By that I mean that generally speaking, inbound data isn't
typically normalised. Or free of decimal data errors (commas, decimal
points, minus signs and currency symbols in amounts, slashes or dashes
in dates, etc.) So in my case, I always use different names for the...
raw input as opposed to the final destination, production tables. I
keep them in the same library because they have similar security
requirements. If I don't want someone peeping at birth dates in
production, I probably don't want them peeping at them in a staging
table, no matter how transient that data may be.