On 1/28/2014 5:20 PM, Evan Harris wrote:
I'm a bit surprised that you would have the same security requirements onhaving
the staging tables as a production table.
It seems to me that tables that are part of an application should be
governed by the application security model, and I normally work from
PUBLIC *EXCLUDE, or *PUBLIC *READ as my preferred model - all otheraccess
being via the application interfaces.in
In my experience, staging tables often require lower levels of security -
for example having a specific user having *MANAGE rights, or even the
ability to create a table in the IFS or in a library, so my preference is
to have this "cordoned off" in a separate library.
Or maybe I'm just misunderstanding the usage of the term staging tables
I was thinking of a staging table as an import; say a vendor is
exchanging customer information with you. They send a file with name,
address, birth date and mailing preferences and you write a program that
matches the incoming data to your own customers so you can update the
customer master file.
If your company considers customer name and address to be proprietary
enough that you want to secure it in the customer master file (say via
*EXCLUDE and adopted authority) then the incoming 'work' table should be
subject to the same security requirements. It might not have your
customer ID number on it, but it's still customer name and address
information that's in the incoming work file...
--I can't imagine staging tables with the same layout as production
tables. By that I mean that generally speaking, inbound data isn't
typically normalised. Or free of decimal data errors (commas, decimal
points, minus signs and currency symbols in amounts, slashes or dashes
in dates, etc.) So in my case, I always use different names for the...
raw input as opposed to the final destination, production tables. I
keep them in the same library because they have similar security
requirements. If I don't want someone peeping at birth dates in
production, I probably don't want them peeping at them in a staging
table, no matter how transient that data may be.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact