× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2018

Re: Interactive SQL ability without UPDATE or DELETE

I agree with Rob. Security is much better implemented at the data object
level, not the application layer / tool level.

The problem is implementing security at the data object level tends to be a
lot more work to get that better, and more secure, result.

I doubt there is a way to restrict UPDATE and DELETE statements in STRSQL,
while allowing SELECT statements.

That said, a fairly decent way, at the application layer, to continue
allowing SELECT SQL is to:
1) Lock down STRSQL completely.
2) Provide a GUI SQL tool to the users, like IBM's ACS Run SQL Scripts.
This is a much more productive user interface than STRSQL.
3) Implement programs on exit points QIBM_QZDA_SQL1 and QIBM_QZDA_SQL2 as
needed, to control what types of SQL the users can run from their client
PCs.

Mike


date: Tue, 3 Apr 2018 08:23:58 -0400
from: Rob Berendt <rob@xxxxxxxxx>
subject: Re: Interactive SQL ability without UPDATE or DELETE

The word is compliant, not complacent. Complacent can get you into
trouble.

The reason your manager may have suggested Query Manager is because of
this:
STRQM
10. Work with Query Manager profiles
2=Change
Page down to the bottom
Select allowed SQL statements

Default is SELECT only.

The problem is you are trying security by tools and not data security.
Read this:
https://www.linkedin.com/pulse/piecemeal-security-rob-berendt/


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

From: Mohan Eashver <mohankva@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 04/03/2018 08:12 AM
Subject: Interactive SQL ability without UPDATE or DELETE
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>

Hello All,

Is there anyway to restrict an user to SELECT only statements on
interactive SQL screen (STRSQL) ?



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.