What is your definition of "super users"? Users who are somewhat knowledgeable and careful with SQL and that genre but can still be controlled with proper security? Or just someone with unlimited access?

First of all, it isn't generally the method of access, it's the data.
This is important to grasp. While auditors try to control things like STRSQL and other commands that's going about it all wrong and you really need to be concentrating on the data.
"Application only access" says that the users have no access to the data. Only the programs do. Normally that is done through program adoption. Then if the "super users" need ability to query the data directly you can give them read authority to the data.

Is there such a thing as a "local" machine? A user connects to a machine from their client. If that machine is in your room, building, co-location facility, neighboring country, it doesn't matter (other than perhaps a little latency).
However if you mean if you start out at one database, and you want to connect to another without disconnecting/reconnection then I think you're talking about something like 3-part naming. This is set up with WRKRDBDIRE and DSPSVRAUTE (alas there is no WRKSVRAUTE command). And then synchronized passwords or EIM/SSO to finish that off.
Again, independent of the tool.

Once completed it's not hard to do things like
declare global temporary table hqrco as (
select * from gdihq.erplxf.rco
) with data
Table HQRCO created in QTEMP.

But you can't join across systems.
select s.cmpny, s.cmpnam, h.cmpny, h.cmpnam
from gdisys.erplxf.rco s full outer join gdihq.erplxf.rco h
on s.cmpny = h.cmpny
Statement references objects in multiple databases. (SQL0512)

Nothing stopping you from doing this in a stored procedure or other program
Declare cursor over remote table
Process cursor
Post results into local table
Next

For more information see the following:
https://www.linkedin.com/pulse/piecemeal-security-rob-berendt/
https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=94447


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.