|
| crtddmf |
 |
Fri, 18 Jan 2008 14:30:08 -050 |
CRTDDMF FILE(DDMLIB/RMTCAR) RMTFILE(SALES/CAR)
RMTLOCNAME(CHICAGO) TEXT('Chicago file SALES/CAR')
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/ddm/rbae5
exiseries.htm
This is great but how do I make the DDMLIB/RMTCAR object as READ-ONLY. This
way the remote system cannot manipulate the data but just see the file for
query only purpses.
Is their any way to only do this for specified columns in a file.
|
| Post Reply
|
| Re: crtddmf |
 |
Fri, 18 Jan 2008 20:16:26 -050 |
I think you will have to manage the authority to the file on the CHICAGO
machine, so the connecting user profile has only *USE rights to the file
there.
If you want column level authority via DDM I think you would have to create
a logical file on CHICAGO that contained only the field to be seen.
Sam
"Robert" <robert@_No_Spam.Com> wrote in message
news:fmquns$1a86m$1@news.boulder.ibm.com...
> CRTDDMF FILE(DDMLIB/RMTCAR) RMTFILE(SALES/CAR)
> RMTLOCNAME(CHICAGO) TEXT('Chicago file SALES/CAR')
>
>
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/ddm/rbae5
exiseries.htm
>
> This is great but how do I make the DDMLIB/RMTCAR object as READ-ONLY.
> This way the remote system cannot manipulate the data but just see the
> file for query only purpses.
>
> Is their any way to only do this for specified columns in a file.
>
|
| Post Reply
|
| Re: crtddmf |
 |
Sun, 20 Jan 2008 21:01:38 -050 |
>I think you will have to manage the authority to the file on the CHICAGO
>machine, so the connecting user profile has only *USE rights to the file
>there.
>
Rather than using the "connecting user profile" is their any way to
specify
anything from the REMOTE-MACHINE will be read-only
> If you want column level authority via DDM I think you would have to
> create a logical file on CHICAGO that contained only the field to be seen.
>
I actually tried a CREATE VIEW on the HOST and then attempted to create the
DDM on the REMOTE but it said cannot find the VIEW :-), did not try the
logical -- I will try that
|
| Post Reply
|
| Re: crtddmf |
 |
Sun, 20 Jan 2008 22:35:19 -060 |
Create a logical view [DDS LF or SQL VIEW] over the physical file [or
SQL TABLE] named SALES/CAR, where the logical definition includes only
the fields [SQL COLUMNS] that should be made visible to the requesting
system. Define the authority to the logical view *FILE object to
include only *USE authority; e.g. GRTOBJAUT SALES/CAR_VW *FILE *PUBLIC
*USE. Then specify that logical file as the RMTFILE() in the CRTDDMF.
If the ability to CRTDDMF is not limited on the source system, they
could create their own DDMFile to refer to the object with the data. If
that can not be limited, then the target system must also limit the
authority to the physical file. If the user name spans both the remote
and local systems for its activity, then an approach using exit programs
would likely be required; I have not thought too much about it. With
SNA it was simple, having the ability to make QUSER the access profile,
and thus limit that user; maybe there is a similar feature with TCP/IP
DDM? Hmmm.... I have left the thread active in my newsreader to follow
up sometime when I have more time.
Similar to the object level authority, there is the ability to set
column level authorities, but just like for object level, it is moot if
the users are the same, accessing the data on both remote and local.
There is a DDM exit point, database triggers [insert, update, and
delete to prevent those operations], open exit, and possibly others.
Regards, Chuck
--
All comments provided "as is" with no warranties of any kind
whatsoever and may not represent positions, strategies, nor views of my
employer
Robert wrote:
> CRTDDMF FILE(DDMLIB/RMTCAR) RMTFILE(SALES/CAR)
> RMTLOCNAME(CHICAGO) TEXT('Chicago file SALES/CAR')
>
>
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/ddm/rbae5
exiseries.htm
>
> This is great but how do I make the DDMLIB/RMTCAR object as READ-ONLY. This
> way the remote system cannot manipulate the data but just see the file for
> query only purpses.
>
|
| Post Reply
|
| Re: crtddmf |
 |
Sun, 20 Jan 2008 22:50:37 -050 |
SQL cannot operate over DDM.
DDM operates by starting a servicing job on the remote machine. That job
runs under a profile that must be the same profile name as on the local
machine. I don't think you have any choice that authority must rely on the
authority on the remote machine.
You can use the CHKOBJ command on the local machine to check what authority
you have on the remote machine.
Sam
"Robert" <robert@_No_Spam.Com> wrote in message
news:fn0udu$1s826$1@news.boulder.ibm.com...
> >I think you will have to manage the authority to the file on the
CHICAGO
> >machine, so the connecting user profile has only *USE rights to the
file
> >there.
>>
> Rather than using the "connecting user profile" is their any way
to
> specify anything from the REMOTE-MACHINE will be read-only
>
>> If you want column level authority via DDM I think you would have to
>> create a logical file on CHICAGO that contained only the field to be
>> seen.
>>
> I actually tried a CREATE VIEW on the HOST and then attempted to create
> the DDM on the REMOTE but it said cannot find the VIEW :-), did not try
> the logical -- I will try that
>
>
|
| Post Reply
|
|
|
|
|
|
|
|
|
|