|
midrange.com
Actually, the iSeries has had column level security since day 1. Back in
the days of OS/400 you would set up security on the PF so that no user
could access it directly. Then the LF's would only select certain
columns.
Now, with i5/OS, you can use direct column level security.
The problem is with people who try to access the PF directly with RPG F
specs, or try to select more fields than the bare minimum they need with
SQL and then they get blocked out.
Olden days of OS/400 method:
R JOEPFR
EMP# 15A
NAME 30A
WAGE 15P 5
EDTOBJAUT so that joePf looks like:
Object
User Group Authority
*PUBLIC USER DEF
----------Object-----------
Opr Mgt Exist Alter Ref
X
---------------Data---------------
Read Add Update Delete Execute
X X X X X
and this logical
R JOELFR PFILE(JOEPF)
EMP#
NAME
Would have the default security.
upddta rob/joePf
DFU-0065-Not authorized to perform operation on file JOEPF.
upddta rob/joeLf
Works great.
Row level security might be able to be completed with read triggers. But
I forget if read triggers were only after the fact. (AFTER read and not
BEFORE read).
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
