avoid running update command in DB2/400

i don't understand the question?
what do you mean by users running update commands and what do you mean by conflict with applications?

if you don't want users to run update commands you have 2 options
1) dont' give them permissions to update the table
2) write a tool that can only perform select statements and let them use that tool

of course, option 1 is easier and safer

We have some AS/400 admin that are able to go to STRSQL screen and running the queries, I want to block their permissions for update commands not for other query options, meanwhile some programs are using  update command to make changes in the files, I just want to block some admin users from this task

Admins are a particularly difficult group to contain.  By definition, they have access to nearly everything in the system.

Restricting them from an UPDATE or INSERT command won't happen.  You may be able to push your applications update logic into a stored procedure and have some logic in the SP determine if it is to run.

There are not a lot of options.  Having a good and cooperative Admin is probably the best start.


Kent

Yes, that is true, but our Auditors have asked us to find a way that block or journal or & the system from direct DB2 update, what could be the best solution for this problem? Could trigger be useful for this purpose?

If the admins are running SQL that updates your database, you should be able to find that in the log.

Is that sufficient for the auditors?


Kent

Could you please tell me how its possible to see the database transactions journal file, because I can not display them with DSPJRN command

alirezakaveh:

> ...I can not display them with DSPJRN command

Why not? That is, what happens? That is, is there an error when you try? are you not authorized to the command? are you not authorized to the journal? is there no journal associated with the files? is the journal empty? are you unable to determine which journal?

What problem are you seeing?

Tom