Charles,

Rather than risk hosing something else on your box by trying to create a
"replacement *PUBLIC profile" or even just trying to hit every object on
your box, it seems to me it would be a lot easier to use an exit program for
the ODBC/JDBC remote transactions.  

There are several exit program security products out there, but only one
that I know of can afford 'pinpoint' accuracy with regard to controlling
access via the exit point without having to modify any existing OS/400
object authorities or user profile groupings.

Contact me offline if you would like more details.

Steven W. Martinson, CISSP, CISM
iSeries Security Consultant  |  NetIQ Corporation

Cell 281.546.9836  |  www.netiq.com 
1233 West Loop South  |  Suite 1800  |  Houston, TX 77027
 

> message: 1
> date: Fri, 22 Apr 2005 14:01:25 -0400
> from: "Wilt, Charles" <CWilt@xxxxxxxxxxxx>
> subject: [Security400] Prevent User Profile from using public authority

> Is there any way to prevent a user profile from using *PUBLIC authority?

> Here's the scenario, I've got a user profile set up for JDBC use from a
external web server.  All I want this profile do > be able to do is call
stored procedures it is specifically authorized to.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.