alirezakaveh
asked on
avoid running update command in DB2/400
Dear Experts,
What is the best way to avoid users running update command in DB2/400?
On the other hand, we don't want to cause any conflict with the applications that run on AS/400.
Thanks
ASKER
We have some AS/400 admins who are able to go to the STRSQL screen and run queries. I want to block their permissions for update commands, not for other query options. Meanwhile, some programs are using the update command to make changes in the files; I just want to block some admin users from this task.
Admins are a particularly difficult group to contain. By definition, they have access to nearly everything in the system.
Restricting them from an UPDATE or INSERT command won't happen. You may be able to push your application's update logic into a stored procedure and have some logic in the SP determine if it is to run.
There are not a lot of options. Having a good and cooperative Admin is probably the best start.
Kent
ASKER
Yes, that is true, but our auditors have asked us to find a way to block or journal or & the system from direct DB2 updates. What could be the best solution for this problem? Could a trigger be useful for this purpose?
If the admins are running SQL that updates your database, you should be able to find that in the log.
Is that sufficient for the auditors?
Kent
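One way to review journal entries for record changes made outside the approved application programs, following the suggestion above to look in the log. This is an added example, not code from the thread; it assumes the journal entries were exported to CSV using the DSPJRN outfile field names, and the program, job, user, library and file names are constructed.

```python
import csv
import io
from collections import Counter

# Journal code R = record-level operation on a physical file.
# PT = insert, UP = update (after-image), DL = delete.
# UB (update before-image) is skipped so each UPDATE is counted once.
CHANGE_TYPES = {"PT", "UP", "DL"}

# Assumption: programs your applications use to change files (hypothetical names).
APPROVED_PROGRAMS = {"ORDUPD01", "INVPOST"}

# Constructed sample rows. ADHOCSQL is a placeholder for whatever program
# name your own journal records for ad hoc SQL sessions.
SAMPLE_CSV = """JOSEQN,JOCODE,JOENTT,JODATE,JOTIME,JOJOB,JOUSER,JOPGM,JOLIB,JOOBJ
101,R,UB,031524,101502,QPADEV0003,ADMIN1,ADHOCSQL,PRODLIB,CUSTMAST
102,R,UP,031524,101502,QPADEV0003,ADMIN1,ADHOCSQL,PRODLIB,CUSTMAST
103,R,PT,031524,101730,ORDERJOB,APPUSER,ORDUPD01,PRODLIB,ORDERS
104,R,UP,031524,101731,ORDERJOB,APPUSER,INVPOST,PRODLIB,INVENTORY
105,R,DL,031524,102210,QPADEV0003,ADMIN1,ADHOCSQL,PRODLIB,ORDERS
106,F,OP,031524,102300,QPADEV0007,ADMIN2,ADHOCSQL,PRODLIB,CUSTMAST
107,R,UP,031524,102305,QPADEV0007,ADMIN2,ADHOCSQL,PRODLIB,CUSTMAST
"""


def load_entries(text):
    """Parse the CSV export into a list of dicts with trimmed values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: v.strip() for k, v in row.items()} for row in reader]


def direct_changes(entries, approved=APPROVED_PROGRAMS):
    """Return record changes made by programs outside the approved list."""
    return [
        e for e in entries
        if e["JOCODE"] == "R"
        and e["JOENTT"] in CHANGE_TYPES
        and e["JOPGM"] not in approved
    ]


def summarize(flagged):
    """Count flagged changes per (user, library/file) for the audit report."""
    return Counter((e["JOUSER"], f'{e["JOLIB"]}/{e["JOOBJ"]}') for e in flagged)


if __name__ == "__main__":
    flagged = direct_changes(load_entries(SAMPLE_CSV))
    for e in flagged:
        print(e["JOSEQN"], e["JOENTT"], e["JOUSER"], e["JOPGM"], e["JOOBJ"])
    print(dict(summarize(flagged)))
```

An allowlist of application programs is used here because it does not depend on knowing every tool an administrator might use to change a file directly.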
ASKER
Could you please tell me how it's possible to see the database transactions journal file, because I cannot display them with the DSPJRN command.
alirezakaveh:
> ...I can not display them with DSPJRN command
Why not? That is, what happens? That is, is there an error when you try? Are you not authorized to the command? Are you not authorized to the journal? Is there no journal associated with the files? Is the journal empty? Are you unable to determine which journal?
What problem are you seeing?
Tom
What do you mean by users running update commands, and what do you mean by conflict with applications?
If you don't want users to run update commands, you have 2 options:
1) Don't give them permissions to update the table
2) Write a tool that can only perform select statements and let them use that tool
Of course, option 1 is easier and safer.