Re: Not allowing update on a file

[Sam_L <lennon_s_j@xxxxxxxxxxx>]

Charles is probably right in that you have "menu security", which 
generally means that all of your files have *public *change authority, 
i.e. anyone who has a command line can change them.  This works as long 
as you control access by controlling access to your green screen menus. 
 But it tends to quickly fall apart once you open up remote access, 
e.g, from SQL Server.

In my last job we brought in exit point software, PowerTech Authority 
Broker to solve that.  In our case, no one was allowed to do any 
updating.  If you want someone to just be able to read, but others to 
update, then you need two OS/400 userids on which you connect.  So it 
does need someone who is knowledgeable on OS/400 security to make it work.

PowerTech isn't the only game in town--in my prior job we used Kisco 
Safenet (Big company, with two very experienced ISeries System Admins 
would did the setup and management.)  There are probably a couple of 
others in the market.

Incidentally, if your SQL server guys can update, they, and perhaps 
others, may also be able to update from Excel.

Sam

On 2/19/2016 10:09 AM, Charles Wilt wrote:
> Yep, that means everybody on your system is allowed to change the data in
> the file.
>
> My guess is you've got "menu security" in place.
>
> But as you've found, that doesn't do a thing for non-menu access methods.
>
> Changing *PUBLIC to *USE or better yet *EXCLUDE is what you need to do.
> But that will probably break your ERP.
>
> You've got 3 choices
> 1) Spend big $$$ bring in a security consultant to remediate the "menu
> security" into "object security"
> 2) Spend $$$ bringing in a (exit point) tool that will allow you to lock
> down what you need to without going all the way to object security.
> 3) Write your own tool.
>
> Given your lack of experience, I'd suggest bringing in an expert regardless
> of which way you go.
>
> Charles