Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

avoid running update command in DB2/400

Posted on 2008-11-04
8
Medium Priority
?
710 Views
Last Modified: 2013-12-06
Dear Experts,
What is the best way to avoid users running update command in DB2/400?
In the other side we dont want to make any conflict with the applications that run in AS/400.
Thanks
 
0
Comment
Question by:alirezakaveh
8 Comments
 
LVL 37

Expert Comment

by:momi_sabag
ID: 22875045
i don't understand the question?
what do you mean by users running update commands and what do you mean by conflict with applications?

if you don't want users to run update commands you have 2 options
1) dont' give them permissions to update the table
2) write a tool that can only perform select statements and let them use that tool

of course, option 1 is easier and safer
0
 

Author Comment

by:alirezakaveh
ID: 22875153
We have some AS/400 admin that are able to go to STRSQL screen and running the queries, I want to block their permissions for update commands not for other query options, meanwhile some programs are using  update command to make changes in the files, I just want to block some admin users from this task
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 22875576
Admins are a particularly difficult group to contain.  By definition, they have access to nearly everything in the system.

Restricting them from an UPDATE or INSERT command won't happen.  You may be able to push your applications update logic into a stored procedure and have some logic in the SP determine if it is to run.

There are not a lot of options.  Having a good and cooperative Admin is probably the best start.


Kent
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:alirezakaveh
ID: 22876690
Yes, that is true, but our Auditors have asked us to find a way that block or journal or & the system from direct DB2 update, what could be the best solution for this problem? Could trigger be useful for this purpose?
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 22876725
If the admins are running SQL that updates your database, you should be able to find that in the log.

Is that sufficient for the auditors?


Kent
0
 

Author Comment

by:alirezakaveh
ID: 22877283
Could you please tell me how its possible to see the database transactions journal file, because I can not display them with DSPJRN command
0
 
LVL 27

Expert Comment

by:tliotta
ID: 22888379
alirezakaveh:

> ...I can not display them with DSPJRN command

Why not? That is, what happens? That is, is there an error when you try? are you not authorized to the command? are you not authorized to the journal? is there no journal associated with the files? is the journal empty? are you unable to determine which journal?

What problem are you seeing?

Tom
0
 
LVL 36

Accepted Solution

by:
Gary Patterson earned 2000 total points
ID: 22889136
alirezakaveh:

If your system administrator's profiles have *ALLOBJ authority (most admins do), then they automatically have rights to update any file on the system.  
 
Auditing these changes is easier:

First, determine if the file(s) in question are being journaled.  You can use the DSPFD command t determine if the files are currently being journaled, and if so, what journal they are associated with.  If the files are not being journaled, you will need to set up journaling.  Refer to the Backup and Recovery guide for your veriosn of the OS for instructions on implementing journaling.  Be aware that journaling can generate a great deal of disk activity, disk space usage, and can have an impact on system performance.  I encourage you to get some expert assistance if you need to implement

Once you have the name of the journal, you can use the DSPJRN command to display the contents of the journal.

- Gary Patterson
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes a user will call me frantically, explaining that something has gone wrong and they have tried everything (read - they have messed it up more and now need someone to clean up) and it still does no good, can I help them?!  Usually the standa…
The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question