Hi Buck

Thanks for sharing your thinking. My viewpoint was that I would not want
them to be able to get near the customer master file as it (presumably) has
customers from other vendors.

I would think that the vendor would need at least *MANAGE rights over the
file they provide, but no rights at all (*EXCLUDE) over the table the data
is going into or other tables in the same library.

On Wed, Jan 29, 2014 at 12:05 PM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:

On 1/28/2014 5:20 PM, Evan Harris wrote:
I'm a bit surprised that you would have the same security requirements on
the staging tables as a production table.

It seems to me that tables that are part of an application should be
governed by the application security model, and I normally work from
PUBLIC *EXCLUDE, or *PUBLIC *READ as my preferred model - all other
being via the application interfaces.

In my experience, staging tables often require lower levels of security -
for example having a specific user having *MANAGE rights, or even the
ability to create a table in the IFS or in a library, so my preference is
to have this "cordoned off" in a separate library.

Or maybe I'm just misunderstanding the usage of the term staging tables
in this context.

I was thinking of a staging table as an import; say a vendor is
exchanging customer information with you. They send a file with name,
address, birth date and mailing preferences and you write a program that
matches the incoming data to your own customers so you can update the
customer master file.

If your company considers customer name and address to be proprietary
enough that you want to secure it in the customer master file (say via
*EXCLUDE and adopted authority) then the incoming 'work' table should be
subject to the same security requirements. It might not have your
customer ID number on it, but it's still customer name and address
information that's in the incoming work file...

I can't imagine staging tables with the same layout as production
tables. By that I mean that generally speaking, inbound data isn't
typically normalised. Or free of decimal data errors (commas, decimal
points, minus signs and currency symbols in amounts, slashes or dashes
in dates, etc.) So in my case, I always use different names for the...
raw input as opposed to the final destination, production tables. I
keep them in the same library because they have similar security
requirements. If I don't want someone peeping at birth dates in
production, I probably don't want them peeping at them in a staging
table, no matter how transient that data may be.

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list.