Rob:

I am with Chuck on the idea of always using *PUBLIC *EXCLUDE as the default, so everything defaults to "secured" and then granting access only to what is needed, based on group profiles or individual user profiles, usually via authorization lists.

Suppose you were to delete the user profile ODBCUSER? That would revoke all authority to those schemas, etc.

(Of course, you might need to investigate if that user profile owns any other objects, etc., first...)

Then, recreate the ODBCUSER user profile and then just grant it authority to that one schema you want it to be able to access.

That should eliminate having to manually change the authority on "several hundred schemas" ...

HTH,

Mark S. Waterbury

> On 1/15/2016 9:03 AM, rob@xxxxxxxxx wrote:
Is there some way to say that if an ODBC user connects to your system they
are only allowed to query data from one particular schema (aka library)?

Due to a mess with security let's forego the thought of changing each of
the several hundred schemas to GRTOBJAUT ODBCUSER *EXCLUDE one at a time.

Normally I'm a big fan of securing the data itself and not trying to patch
each of the several dozen ways one can access that data. This is kind of
an audit thing. I'd really rather not go down this tangent and would
rather focus on how I can limit this user to one schema via ODBC.


Rob Berendt


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.