I have a tech guy that needs to import some data from our iseries 520 into a database using SQL developers edition. He says that the credentials I have given him on the iseries side do not allow import. The username I have always used is QSECOFR. Are there some settings I can change on the iseries side of things to allow the security officer to have the import setting?
If this is a production system, then handing out QSECOFR credentials like this is a -terrible- security practice, and an invitation to disaster. This profile had virtually unlimited access to every object and function in the system and is enormous overkill when what it sounds like this process needs is read-only access to certain iSeries tables.
Using the QSECOFR profile, this user has the ability to alter the contents of any table in the system, clear table, delete tables, alter the layout of table (which could break other applications), and all kinds of bad things. This profile can be used to create other administrator-level profiles, access and delete security auditing details, and a long, long list of other privileged actions that should be strictly limited and monitored.
If you don't already have a user ID or group set up with *USE rights to the tables in question, then you should probably create a group profile with appropriate data rights, and then create an AS/400 user ID for this process, and make it a member of that group.
- Gary Patterson