More details on Paul's response
http://publib.boulder.ibm.com/infocenter/systems/scope/i5os/topic/rzarl/rzarllogical.htm
Basically they can only access the physical through various logical files
or views. And the views or logical files could use selection criteria.
The problem with this is you then end up having multiple logical files out
there with different security. So if you have 100 branches you end up
with 100 LFs against that physical (or more if your keen on different
sorting criteria). Think: Design for growth.
You could secure users out of the file altogether. Then the only way they
can access the data is through programs or stored procedure calls. These
would adopt the necessary authority to get into the data. These could
then determine programmatically what users have access to what records.
I know of one company that has secured users out of all files and the only
access is via programs and stored procedures. From what I hear, it's
quite common. Not the norm, mind you, but not rare as hens teeth.
Rob Berendt
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
