Client Access ODBC

Aharrison

Member
Does anyone have a suggestion on how to secure the Client Access ODBC so it cannot write back to the 400 database through applications like Microsoft Access.

We do not want users updating data, however we need them to be able to write reports against the data with the ODBC.

Thanks
 
In ODBC Data Source Administration, on the Server tab, set the connection type to "Read-Only (Select statements only)."
 
Changing ODBC connection settings on the client may not be effective in environments where the user has access/authority to the ODBC connection manager since the users could change the connection setting to allow updates.

A more secure approach is to use either of the following on the iSeries (AS/400) server:
a) exit programs
b) object level security

I prefer object level security since this approach covers all situations whereas exit programs only address interfaces for which an exit program interface exists. In general, I change the *PUBLIC authority for all objects in a library to *NONE or (at best) *USE. Takes more work to get the application running and complicates development, but this makes me feel confident that only authorized activities are occurring.
 
Brent's right. Its a lot of work, but in return - you're bulletproof. And that's what the 400 is famous for.

Jen
 
We ended up writing some custom exit programs as well as using the object level security.

We had users with udpate authority to select tables via the iSeries interactively, but we didn't want to allow updates to the tables through ODBC.

Implementing both allowed us to keep our object level authorities in tact while further securing the data on the system from outside updates.

Roby
 
Back
Top