Charles, Rather than risk hosing something else on your box by trying to create a "replacement *PUBLIC profile" or even just trying to hit every object on your box, it seems to me it would be a lot easier to use an exit program for the ODBC/JDBC remote transactions. There are several exit program security products out there, but only one that I know of can afford 'pinpoint' accuracy with regard to controlling access via the exit point without having to modify any existing OS/400 object authorities or user profile groupings. Contact me offline if you would like more details. Steven W. Martinson, CISSP, CISM iSeries Security Consultant | NetIQ Corporation Cell 281.546.9836 | www.netiq.com 1233 West Loop South | Suite 1800 | Houston, TX 77027 > message: 1 > date: Fri, 22 Apr 2005 14:01:25 -0400 > from: "Wilt, Charles" <CWilt@xxxxxxxxxxxx> > subject: [Security400] Prevent User Profile from using public authority > Is there any way to prevent a user profile from using *PUBLIC authority? > Here's the scenario, I've got a user profile set up for JDBC use from a external web server. All I want this profile do > be able to do is call stored procedures it is specifically authorized to.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.