Without reworking your entire object security scheme you can
* Make the owner of the program someone who can read the physical.
Change Object Owner (CHGOBJOWN)
Type choices, press Enter.
Object . . . . . . . . . . . . . > YOURPGM Name
Library . . . . . . . . . . . > YOURLIB Name, *LIBL, *CURLIB
Object type . . . . . . . . . . > *PGM *ALRTBL, *AUTL, *BNDDIR...
ASP device . . . . . . . . . . . * Name, *, *SYSBAS
New owner . . . . . . . . . . . ProfileAuthorizedToPF Name
Current owner authority . . . . *SAME *REVOKE, *SAME
* If ProfileAuthorizedToPF is not authorized to use the column restricted logical file change the program to have USRPRF of *OWNER and to adopt authority. Changing USRPRF to *OWNER gives the program authority to read the physical file and changing USEADPAUT to *YES gives the user access to the new column restricted logical file.
Change Program (CHGPGM)
Type choices, press Enter.
Program . . . . . . . . . . . . PGM > YOURPGM
Library . . . . . . . . . . . > YOURLIB
Optimize program . . . . . . . . OPTIMIZE *SAME
User profile . . . . . . . . . . USRPRF > *OWNER
Use adopted authority . . . . . USEADPAUT > *YES
Remove observable info . . . . . RMVOBS *SAME
+ for more values
Enable performance collection: ENBPFRCOL
Collection level . . . . . . . *SAME
Procedures . . . . . . . . . .
Profiling data . . . . . . . . . PRFDTA *SAME
Teraspace . . . . . . . . . . . TERASPACE *SAME
Force program re-creation . . . FRCCRT *NO
Text 'description' . . . . . . . TEXT *SAME
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Gqcy
Sent: Monday, October 06, 2014 7:22 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: authority on physical vs. logical
I am attempting to do a read via SQL (SQLRPGLE)...
I must have something not correct...
On 10/6/2014 9:08 AM, Charles Wilt wrote:
That should allow you to read the data using SQL or RPG RLA...
But some operations such as CPYF require access to the PF.
What are you trying to do?
Charles
On Mon, Oct 6, 2014 at 9:44 AM, Gqcy<gmufasa01@xxxxxxxxx<mailto:gmufasa01@xxxxxxxxx>> wrote:
I am trying to lock down sensitive data.
I have given:
TESTUSER *EXCLUDE
authority to the physical,
and
TESTUSER *USE on the view I created...
I get a Not authorized to the physical...
what do I need to do to allow access to the view, but not have access
to the physical???
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxx> To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxx> Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxx> To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxx> Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
midrange.com
