MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » January 2014

Re: Philosophical question - Staging tables, name and location



fixed

Hi Vern

Thanks, yeah I'm aware of that, I just got fixated on one scenario -
Charles jolted me back to reality.


On Thu, Jan 30, 2014 at 1:05 AM, Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>wrote:

Evan, FTP is only one mechanism for vendors OR customers sending data or
making it available. We have several instances of attachments in emails
sent to us - we can use a utility like RJS' POP400 that gives us the
ability to read a POP3 inbox programmatically. I believe AMAILER from
easy400.net can do the same.

Email especially insulates an enterprise from security issues as raised
here.

Vern

On 1/28/2014 11:18 PM, Evan Harris wrote:
Works for me


On Wed, Jan 29, 2014 at 5:23 PM, Charles Wilt <charles.wilt@xxxxxxxxx
wrote:

I pull it down via FTP

Charles


On Tue, Jan 28, 2014 at 11:14 PM, Evan Harris <auctionitis@xxxxxxxxx>
wrote:

OK, I'll bite - how do they send you the file ?


On Wed, Jan 29, 2014 at 5:10 PM, Charles Wilt <charles.wilt@xxxxxxxxx
wrote:
The vendor doesn't get any rights on my system at all :)

Charles


On Tue, Jan 28, 2014 at 6:45 PM, Evan Harris <auctionitis@xxxxxxxxx>
wrote:

Hi Buck

thanks for sharing your thinking. My view point was that I would not
want
them to be able to get near the customer master file as it
(presumably)
has
customers from other vendors.

I would think that the vendor would need at least *MANAGE rights over
the
file they provide, but no rights at all (*EXCLUDE) over the table the
data
is going into or other tables in the same library.


On Wed, Jan 29, 2014 at 12:05 PM, Buck Calabro <kc2hiz@xxxxxxxxx>
wrote:
On 1/28/2014 5:20 PM, Evan Harris wrote:
I'm a bit surprised that you would have the same security
requirements
on
the staging tables as a production table.

It seems to me that tables that are part of an application should
be
governed by the application security model, and I normally work
from
having
PUBLIC *EXCLUDE, or *PUBLIC *READ as my preferred model - all
other
access
being via the application interfaces.

In my experience, staging tables often require lower levels of
security -
for example having a specific user having *MANAGE rights, or even
the
ability to create a table in the IFS or in a library, so my
preference
is
to have this "cordoned off" in a separate library.

Or maybe I'm just misunderstanding the usage of the term staging
tables
in
this context.
I was thinking of a staging table as an import; say a vendor is
exchanging customer information with you. They send a file with
name,
address, birth date and mailing preferences and you write a program
that
matches the incoming data to your own customers so you can update
the
customer master file.

If your company considers customer name and address to be
proprietary
enough that you want to secure it in the customer master file (say
via
*EXCLUDE and adopted authority) then the incoming 'work' table
should
be
subject to the same security requirements. It might not have your
customer ID number on it, but it's still customer name and address
information that's in the incoming work file...
--buck

I can't imagine staging tables with the same layout as
production
tables. By that I mean that generally speaking, inbound data
isn't
typically normalised. Or free of decimal data errors (commas,
decimal
points, minus signs and currency symbols in amounts, slashes or
dashes
in dates, etc.) So in my case, I always use different names for
the...
raw input as opposed to the final destination, production
tables.
I
keep them in the same library because they have similar security
requirements. If I don't want someone peeping at birth dates in
production, I probably don't want them peeping at them in a
staging
table, no matter how transient that data may be.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--

Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--

Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.









Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact