|
2. What does this setting mean? I can't even do a DSPPFM on the file.Lacking any object rights, users lacking the special authority
So why give the data read rights as all? This isn't the only file
like this - other physical files in QSYS have similar settings.
(Although interestingly enough logicals over those same physicals
are accessible.)
*ALLOBJ can not access any data directly from the physical file [so
DSPPFM is not an option for such users], nor create any VIEW or any
INDEX over one of those PF QADB* in QSYS. With that implementation
[effectively enabling row and column security], only the specific data
that should be visible to the general *PUBLIC is manifest via a logical
view of the specific columns and rows. However AFaIK there are still no
columns in any of those PF which are not exposed via one of the logical
files; I believe each physical still has at least one logical which
shares the record format of the physical. If ever there were to be some
data protected in that manner, not exposed via a logical, the underlying
authorities of the existing physical files would not have to be changed.
In other words, the implementation reflects a design which intended to
avoid an incompatible change in the future.
Any references to the physical files must either be run with or adopt
the authority from a user with the SPCAUT(*ALLOBJ).
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
