Re: Single schema access

To the person who most always replies off list:

<snip>
Why not just fix it "once and for all" using OS/400 or IBM i security and
object authorization?
</snip>
Answer is
<snip>
Due to a mess with security let's forego the thought of changing each of
the several hundred schemas to GRTOBJAUT ODBCUSER *EXCLUDE one at a time.
</snip>

<snip>
Is this ODBCUSER a group profile?
</snip>
It's a single user. Even if it was a group it still would require that I
do the GRTOBJAUT ODBCUSER *EXCLUDE for a few hundred schemas. Not only
that, but everytime someone creates a new schema I would have to discover
that it occurred and change it's authority. Even if I changed the command
defaults or some such thing on creating a schema dollars to doughnuts the
person who created it would make it *PUBLIC *ALL.

<snip>
What does the authority for a typical "schema" (library) look like? Please
show the results of issuing:
DSPOBJAUT schemaname *LIB
</snip>
There is no typical schema. I have to secure them from accessing any,
except for one, with odbc. Some use authorization lists, of which we have
quite a list of authorization lists. Many don't bother with authorization
lists.

<snip>
What does *PUBLIC authority look like for these libraries?
</snip>
Depends on the schema. Could vary to *ALL, *AUTL and depending on the
*AUTL could be any number of things including *EXCLUDE, *USE, *ALL.

Rob Berendt