avoid running update command in DB2/400

Dear Experts,
What is the best way to avoid users running update command in DB2/400?
In the other side we dont want to make any conflict with the applications that run in AS/400.
Thanks
 
alirezakavehAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

momi_sabagCommented:
i don't understand the question?
what do you mean by users running update commands and what do you mean by conflict with applications?

if you don't want users to run update commands you have 2 options
1) dont' give them permissions to update the table
2) write a tool that can only perform select statements and let them use that tool

of course, option 1 is easier and safer
alirezakavehAuthor Commented:
We have some AS/400 admin that are able to go to STRSQL screen and running the queries, I want to block their permissions for update commands not for other query options, meanwhile some programs are using  update command to make changes in the files, I just want to block some admin users from this task
Kent OlsenDBACommented:
Admins are a particularly difficult group to contain.  By definition, they have access to nearly everything in the system.

Restricting them from an UPDATE or INSERT command won't happen.  You may be able to push your applications update logic into a stored procedure and have some logic in the SP determine if it is to run.

There are not a lot of options.  Having a good and cooperative Admin is probably the best start.


Kent
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

alirezakavehAuthor Commented:
Yes, that is true, but our Auditors have asked us to find a way that block or journal or & the system from direct DB2 update, what could be the best solution for this problem? Could trigger be useful for this purpose?
Kent OlsenDBACommented:
If the admins are running SQL that updates your database, you should be able to find that in the log.

Is that sufficient for the auditors?


Kent
alirezakavehAuthor Commented:
Could you please tell me how its possible to see the database transactions journal file, because I can not display them with DSPJRN command
tliottaCommented:
alirezakaveh:

> ...I can not display them with DSPJRN command

Why not? That is, what happens? That is, is there an error when you try? are you not authorized to the command? are you not authorized to the journal? is there no journal associated with the files? is the journal empty? are you unable to determine which journal?

What problem are you seeing?

Tom
Gary PattersonVP Technology / Senior Consultant Commented:
alirezakaveh:

If your system administrator's profiles have *ALLOBJ authority (most admins do), then they automatically have rights to update any file on the system.  
 
Auditing these changes is easier:

First, determine if the file(s) in question are being journaled.  You can use the DSPFD command t determine if the files are currently being journaled, and if so, what journal they are associated with.  If the files are not being journaled, you will need to set up journaling.  Refer to the Backup and Recovery guide for your veriosn of the OS for instructions on implementing journaling.  Be aware that journaling can generate a great deal of disk activity, disk space usage, and can have an impact on system performance.  I encourage you to get some expert assistance if you need to implement

Once you have the name of the journal, you can use the DSPJRN command to display the contents of the journal.

- Gary Patterson

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.