John,

If you don't have an exit program for the QIBM_QRQ_SQL, QIBM_QZDA_SQL1 and QIBM_QZDA_SQL2 exit points that filter table names you will have to use object level authority on the files themselves.

Going to object level security is probably your most secure method though.

o Program access is restricted by authorization list.
o Programs adopt the authority necessary to access the database (owned by a profile that can add/update/delete records in a file).
o Database access is restricted by authorization list. *PUBLIC is given *EXCLUDE rights to all your files.
o Add read rights to users as needed to the authorization list.

You can create authorization lists in whatever scheme/granularity suits your shop.

HTH

Gary Monnier


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of John Candidi
Sent: Friday, March 02, 2012 11:49 AM
To: Midrange Systems Technical Discussion
Subject: ODBC question

How do you give someone read only capability when accessing the I series via ODBC or transfer functions? We are still on 5.2 going to 5.4

John A. Candidi
American European Insurance Group
IT Systems, Application and Support Manager, CSO Office (856-779-6915) Mobile (484-645-5598) jacandidi@xxxxxxxxxxxxxxxxx


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].