Hi Rich
The IBM i SQL Reference has the information - it would be in the VERIFY_GROUP_FOR_USER function, and here is what it says -
The VERIFY_GROUP_FOR_USER function returns a value that indicates whether the specified user is in the list of user profiles or is a member of any of the group user profiles specified by the list of authorization-id-expression arguments.
authorization-id-expression is a comma-separated list of user or group profiles. I'm inclined to think that the function would return a 1 if a group profile named GROUPS1 is in that expression and user USER1 has GROUPS1 specified as a supplemental group, because that user is a member of that group.
Hope I'm thinking straight on this!
Cheers
Vern
On Fri, 1 Nov, 2024 at 11:29 AM, Rich Loeber <rich@xxxxxxxxx> wrote:
To: midrange-l@xxxxxxxxxxxxxxxxxx
Another question about RCAC - does the expression VERIFY_GROUP_FOR_USER reference both group profiles and supplemental profiles? I'm not seeing anything at the IBM Knowledge Center that answers this question.
Rich
________________________________
On 10/31/2024 12:50 PM, Charles Wilt wrote:
Should have added that there is an API you can use programmatically...
Generate Data Definition Language (QSQGNDDL) API
Charles
On Thu, Oct 31, 2024 at 10:47 AM Charles Wilt <charles.wilt@xxxxxxxxx<mailto:charles.wilt@xxxxxxxxx>><mailto:charles.wilt@xxxxxxxxx<mailto:charles.wilt@xxxxxxxxx>>
wrote:
How about retrieving the SQL Source of the table?
I'd expect that to show you the RCAC statements.
Charles
On Thu, Oct 31, 2024 at 10:34 AM Rich Loeber <rich@xxxxxxxxx<mailto:rich@xxxxxxxxx>><mailto:rich@xxxxxxxxx<mailto:rich@xxxxxxxxx>> wrote:
Row and Column controls are additional security in the IBM i Db2 that let
you limit access to specific fields in a database to specific users and
also to limit access to certain records to certain users. DSPFD tells me
nothing. RCAC is all built by running SQL statements and there is no
"native" CL that you can use to set it up.
Rich
________________________________
On 10/31/2024 12:31 PM, Patrik Schindler wrote:
Hello Rich,
Am 31.10.2024<
http://31.10.2024> um 17:22 schrieb Rich Loeber <rich@xxxxxxxxx<mailto:rich@xxxxxxxxx>><mailto:rich@xxxxxxxxx<mailto:rich@xxxxxxxxx>><mailto:
rich@xxxxxxxxx<mailto:rich@xxxxxxxxx>><mailto:rich@xxxxxxxxx<mailto:rich@xxxxxxxxx>>:
I have a database file that was built with DDS. Both Row and Column
controls have been implemented.
What exactly are row and column controls in this context?
Now I would like to see what those controls are. I understand that they
are stored in the *FILE object, but is there a way to see what is already
configured if I don't have access to the SQL that was used to create them?
Uhm. Above you said, you've used DDS to create the PF. This is confusing.
Ideally, I'd really like to access this information programmatically.
Please try dspfd output(*outfile). This should contain a lot of
information regarding a PF, no matter if SQL or DDS.
:wq! PoC
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx><mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L@xxxxxxxxxxxxxxxxxx>>
To subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx><mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx<mailto:MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx>>
Before posting, please take a moment to review the archives
at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx><mailto:support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx>> for any subscription related
questions.
midrange.com
