Re: Not allowing update on a file

Charles is probably right in that you have "menu security", which generally means that all of your files have *public *change authority, i.e. anyone who has a command line can change them. This works as long as you control access by controlling access to your green screen menus. But it tends to quickly fall apart once you open up remote access, e.g, from SQL Server.

In my last job we brought in exit point software, PowerTech Authority Broker to solve that. In our case, no one was allowed to do any updating. If you want someone to just be able to read, but others to update, then you need two OS/400 userids on which you connect. So it does need someone who is knowledgeable on OS/400 security to make it work.

PowerTech isn't the only game in town--in my prior job we used Kisco Safenet (Big company, with two very experienced ISeries System Admins would did the setup and management.) There are probably a couple of others in the market.

Incidentally, if your SQL server guys can update, they, and perhaps others, may also be able to update from Excel.

Sam

On 2/19/2016 10:09 AM, Charles Wilt wrote:

Yep, that means everybody on your system is allowed to change the data in
the file.

My guess is you've got "menu security" in place.

But as you've found, that doesn't do a thing for non-menu access methods.

Changing *PUBLIC to *USE or better yet *EXCLUDE is what you need to do.
But that will probably break your ERP.

You've got 3 choices
1) Spend big $$$ bring in a security consultant to remediate the "menu
security" into "object security"
2) Spend $$$ bringing in a (exit point) tool that will allow you to lock
down what you need to without going all the way to object security.
3) Write your own tool.

Given your lack of experience, I'd suggest bringing in an expert regardless
of which way you go.

Charles