as400 security & .NET - IBM AS400


  1. as400 security & .NET

    We are deploying a .NET application against the AS400, but to do so,
    we need to build a security module that will be called by our
    applications. We need to provide "only" certain data to user, for
    instance, only users within a department can see that department's
    data, not every department's data. We also need to allow certain
    roles update / delete capabilities based on file/field while other
    roles can read only, so say the manager role can update costs, but non-
    manager roles can update them, and only super users can delete them
    (within their department). While we have been talking to a consultant
    about this, we are not able to get a solution for this functionality.
    How are others providing this? Does there need to be an AS400
    security package extending AS400 native security? (if so, what do you
    recommend) Or is this functionality natively provided for within the
    AS400, and if so, how do we tap into it. (I'm not an AS400 person -
    but have recently found myself in an AS400 shop. I'm told AS400
    database security does not work like standalone databases, where this
    desired functionality is straightforward provided). Thanks for any &
    all help.


  2. Re: as400 security & .NET

    On Aug 14, 8:47 am, ibcarolek wrote:
    > We are deploying a .NET application against the AS400, but to do so,
    > we need to build a security module that will be called by our
    > applications. We need to provide "only" certain data to user, for
    > instance, only users within a department can see that department's
    > data, not every department's data. We also need to allow certain
    > roles update / delete capabilities based on file/field while other
    > roles can read only, so say the manager role can update costs, but non-
    > manager roles can update them, and only super users can delete them
    > (within their department). While we have been talking to a consultant
    > about this, we are not able to get a solution for this functionality.
    > How are others providing this? Does there need to be an AS400
    > security package extending AS400 native security? (if so, what do you
    > recommend) Or is this functionality natively provided for within the
    > AS400, and if so, how do we tap into it. (I'm not an AS400 person -
    > but have recently found myself in an AS400 shop. I'm told AS400
    > database security does not work like standalone databases, where this
    > desired functionality is straightforward provided). Thanks for any &
    > all help.



    If you're using ODBC to make the connection then you should be able to
    prompt users when making the connection to have a valid 400 profile
    and password. I am sure you could base it on all different kinds of
    security that might be in place using different OS's etc. We have
    done some basic .NET coding and have done it this way.


  3. Re: as400 security & .NET

    Although the necessary features may not exist under a distinct
    "roles" feature that may exist in another database(s), [many, most, all,
    or maybe more of] the same concepts and features exist to be implemented
    in a straightforward manner on a System i5 under i5/OS. The environment
    is different than other databases, so the tooling is different, mostly
    because the security is integrated into the object-based architecture.
    The system security model covers the database because the database is an
    integrated part of the i5/OS, so the tooling is primarily [user access]
    from the perspective of the OS vs the database [tooling]. A role can be
    established with a system user [a system user is a database user] that
    defines that role. To effect the "role", the user exists to be either a
    "group" or "supplemental group"; once the roles have been established
    then any user can be assigned to be a member of the defined roles. A
    VIEW can define column and row access; each TABLE is defined without the
    *OBJOPR object right so no direct access is allowed to the TABLE.
    Columns can also have authorities assigned where appropriate. There is
    also application based security. Triggers can complement or even I
    suppose fully implement security as desired.

    Regards, Chuck
    --
    All comments provided "as is" with no warranties of any kind
    whatsoever and may not represent positions, strategies, nor views of my
    employer

    ibcarolek wrote:
    > We are deploying a .NET application against the AS400, but to do so,
    > we need to build a security module that will be called by our
    > applications. We need to provide "only" certain data to user, for
    > instance, only users within a department can see that department's
    > data, not every department's data. We also need to allow certain
    > roles update / delete capabilities based on file/field while other
    > roles can read only, so say the manager role can update costs, but non-
    > manager roles can update them, and only super users can delete them
    > (within their department). While we have been talking to a consultant
    > about this, we are not able to get a solution for this functionality.
    > How are others providing this? Does there need to be an AS400
    > security package extending AS400 native security? (if so, what do you
    > recommend) Or is this functionality natively provided for within the
    > AS400, and if so, how do we tap into it. (I'm not an AS400 person -
    > but have recently found myself in an AS400 shop. I'm told AS400
    > database security does not work like standalone databases, where this
    > desired functionality is straightforward provided). Thanks for any &
    > all help.
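
The scheme outlined in reply 3 (group profiles acting as roles, a VIEW giving row and column access, the TABLE left without *OBJOPR), written out as an added DB2 for i SQL example; it is not code from any poster in this thread. The library, file and profile names and the three-way read/update/delete split are assumptions, and the CL commands are issued through QSYS2.QCMDEXC so everything runs as one SQL script.

```sql
-- Added example. APPLIB, COSTS, USERDEPT, COSTSV, DEPTREAD, DEPTMGR,
-- DEPTSUPER and JSMITH are hypothetical names. Assumes the role profiles
-- already have *USE authority to library APPLIB.

-- 1. A "role" is a user profile with no password that others name as their group.
CALL QSYS2.QCMDEXC('CRTUSRPRF USRPRF(DEPTREAD) PASSWORD(*NONE)');
CALL QSYS2.QCMDEXC('CRTUSRPRF USRPRF(DEPTMGR) PASSWORD(*NONE)');
CALL QSYS2.QCMDEXC('CRTUSRPRF USRPRF(DEPTSUPER) PASSWORD(*NONE)');
-- Putting a person in a role: make the role their group profile.
CALL QSYS2.QCMDEXC('CHGUSRPRF USRPRF(JSMITH) GRPPRF(DEPTMGR)');

-- 2. Base table plus a table mapping each sign-on profile to its department(s).
CREATE TABLE APPLIB.COSTS (
  DEPT_ID CHAR(3)       NOT NULL,
  ITEM_ID INTEGER       NOT NULL,
  COST    DECIMAL(11,2) NOT NULL,
  PRIMARY KEY (DEPT_ID, ITEM_ID));
CREATE TABLE APPLIB.USERDEPT (
  USER_NAME VARCHAR(10) NOT NULL,
  DEPT_ID   CHAR(3)     NOT NULL,
  PRIMARY KEY (USER_NAME, DEPT_ID));

-- 3. The view is the only door: it lists the columns exposed and keeps
--    only rows of the caller's own department(s).
CREATE VIEW APPLIB.COSTSV AS
  SELECT C.DEPT_ID, C.ITEM_ID, C.COST
    FROM APPLIB.COSTS C
   WHERE C.DEPT_ID IN (SELECT M.DEPT_ID
                         FROM APPLIB.USERDEPT M
                        WHERE M.USER_NAME = USER);

-- 4. Nobody gets in by default.
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTS) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*EXCLUDE)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/USERDEPT) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*EXCLUDE)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTSV) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*EXCLUDE)');

-- 5. Tables: data authorities only, no *OBJOPR, so they cannot be opened directly.
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTS) OBJTYPE(*FILE) USER(DEPTREAD) AUT(*READ)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTS) OBJTYPE(*FILE) USER(DEPTMGR) AUT(*READ *UPD)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTS) OBJTYPE(*FILE) USER(DEPTSUPER) AUT(*READ *UPD *DLT)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/USERDEPT) OBJTYPE(*FILE) USER(DEPTREAD) AUT(*READ)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/USERDEPT) OBJTYPE(*FILE) USER(DEPTMGR) AUT(*READ)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/USERDEPT) OBJTYPE(*FILE) USER(DEPTSUPER) AUT(*READ)');

-- 6. View: *OBJOPR plus the same data authorities each role holds on COSTS.
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTSV) OBJTYPE(*FILE) USER(DEPTREAD) AUT(*OBJOPR *READ)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTSV) OBJTYPE(*FILE) USER(DEPTMGR) AUT(*OBJOPR *READ *UPD)');
CALL QSYS2.QCMDEXC('GRTOBJAUT OBJ(APPLIB/COSTSV) OBJTYPE(*FILE) USER(DEPTSUPER) AUT(*OBJOPR *READ *UPD *DLT)');
```

The row filter keys on the USER special register, so it only separates departments when each person connects over ODBC with their own profile, as reply 2 describes; behind a shared connection profile every session would filter on that one profile.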


  4. Re: as400 security & .NET

    On Tue, 14 Aug 2007 05:47:28 -0700, ibcarolek wrote:

    >We are deploying a .NET application against the AS400, but to do so,
    >we need to build a security module that will be called by our
    >applications. We need to provide "only" certain data to user, for
    >instance, only users within a department can see that department's
    >data, not every department's data. We also need to allow certain
    >roles update / delete capabilities based on file/field while other
    >roles can read only, so say the manager role can update costs, but non-
    >manager roles can update them, and only super users can delete them
    >(within their department). While we have been talking to a consultant
    >about this, we are not able to get a solution for this functionality.
    >How are others providing this? Does there need to be an AS400
    >security package extending AS400 native security? (if so, what do you
    >recommend) Or is this functionality natively provided for within the
    >AS400, and if so, how do we tap into it. (I'm not an AS400 person -
    >but have recently found myself in an AS400 shop. I'm told AS400
    >database security does not work like standalone databases, where this
    >desired functionality is straightforward provided). Thanks for any &
    >all help.



    One of the ways we are doing this is to have a firewall on the
    iSeries (PowerLock from PowerTech). It can have generic, specific,
    and switched profiles. The switched profiles are the ones we use to
    control a group of users, i.e. everyone in Accounts Payable gets
    switched to the general Accounts Payable profile which then controls
    access to the data. The firewall controls all non-iSeries access to
    the iSeries data via ODBC, JDBC, etc.

    Doug Belcher
