RE: ODBC Security

["Walden H. Leverich" <WaldenL@xxxxxxxxxxxxxxx>]

Quazy,

There have been some fine answers, let me add a few. If only a couple of end
users need access at all then make the files Public(*Exclude) and grant the
individual users. If everyone needs read access then grant Public(*Use) and
you're all set. In my opinion ALL database updates should be done through
programs on the AS/400 and not via direct DML calls. So you can leave the
programs as public(*use) and make the AS/400 programs adopt authority to do
the updates. ODBC/OleDB will see these as stored procedures on the AS/400
and allow you to simply call them.

-Walden



-----Original Message-----
From: Quazy [mailto:quazy@SoftHome.net]
Sent: Thursday, November 09, 2000 12:26 PM
To: midrange-l@midrange.com
Subject: ODBC Security


How does everyone deal with security on the 400 and the ability to use ODBC?

If production files are set to public authority to *change, what can I 
do.  users don't have access to manipulate the data from the AS/400 (I have 
taken all those ways away).  But even if a user with basically no authority 
gets on through ODBC they could do anything they want to the database.


What is there you can do?

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---