Re: Security for SQL functions

Again, I understand that, but it still seems like a different situation to me. If I have PGMA and PGMB, I can grant GROUPA authority to PGMA and GROUPB authority to PGMB. But if I have FUNCA and FUNCB, I don't see any way to grant GROUPA authority to
DROP FUNCA but not FUNCB, and GROUPB the opposite. It seems to me that if I can DROP one function, I can DROP all functions, so to prevent me from dropping FUNCA I'd have to be prevented from dropping any function.

Maybe that's okay with the OP, but it's not quite the same as "each function is an object" .....



Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx> writes:

Hi, Michael:

Take a look at:
DSPOBJAUT QSYS2/SYSROUTINE *FILE

Then you could use EDTOBJAUT or GRTOBJAUT or RVKOBJAUT to alter the
*PUBLIC authority and only grant *CHANGE authority to those whom you
want to be able to do those operations on this table. You may want to
create a group profile or authorization list to control who is able to
update this table.

(OS/400 object security applies to all objects, including database tables.)

Hope that helps,

Mark S. Waterbury

Mike Naughton
Senior Programmer/Analyst
Judd Wire, Inc.
124 Turnpike Road
Turners Falls, MA 01376
413-676-3144
Internal: x 444
mnaughton@xxxxxxxxxxxx
****************************************
NOTICE: This e-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that any use is
strictly prohibited. If you have received this e-mail in error, please notify us immediately by replying to it and then delete it from your computer.