We use WebFOCUS to query our DB2 Tables on our mainframe using an ODBC Connection. We have RACF Security on our mainframe for database access.
We wanted to use the RACF security, but our company did not purchase the module or version which will enable us to do so.
We have WebFOCUS 4.3.6 SP 7 and have an "upgrade" to the new WebFOCUS version 5.2, but have not implemented yet.
Our Marketing/Finance Department has sensitive data, of course, with some users only allowed to view certain customers in a particular DB2 Table.
We need some ideas on how to enact security to:
1. Allow users to only query/view certain tables
2. Allow users to only view certain records of a table (field value level)
Ideas have been thrown around to utilize Intranet Sign-on, WebFOCUS sign-on, etc.
Right now, the immediate problem is if we allowed the access to the Marketing/Payroll files through WebFOCUS, anyone who can create a report would see those databases displayed from the list of databases to create a query from. Nothing is stopping them from selected those tables and do queries against.
If anyone's company has this particular situation, how is it being handled? Are some of the Exits in WebFOCUS being used to control table and field access? Are different servers set up for each department?
I know this is too broad of a subject, but maybe I can get into more detail if I need to.
It looks like the User Guide section: Implementing Data Source Security is what I am looking for.
Has anyone used this approach?
Example, from the Master File:
USER=BILL ,ACCESS=R ,RESTRICT=SEGMENT ,NAME=COMPSEG ,$
USER=JOHN ,ACCESS=R ,RESTRICT=FIELD ,NAME=SALARY ,$
If there are several tables that would have the same security, is there a way to read in this USER data without adding this to the bottom of each and every Master File? This would be tedious as employees are added or deleted.
You have two options, you could use DBAFILE, this will allow multiple MFD to share the same DBA rules. The other option would be to use the DBA Exit, with the exit you can choose where the rules are stored and accessed (i.e. a database)
|Powered by Social Strata|