Two ODBC Security Questions

[Guest.Visitor]

We use CA 95/NT in TCP/IP environment and I am starting to use the ODBC 32 bit driver 5.00 to get data down to the desktop. Several ???s: 1. Can you update/delete records on the AS400 from the PC when you retrieve them via ODBC into a windows package like Office97 or are all files read-only? A few years ago at another place I found I was updating records on the 400 thru Access, however now when I do the same thing all files are unchanged. 2. What is proper security for end-users to prevent them from changing records? If I create a profile with read only data authorities to the library and force them to use that with ODBC, would that do it? Marv

[Guest.Visitor]

>1. Can you update/delete records on the AS400 from the PC when you retrieve them via ODBC into a windows package like Office97 or are all files read-only? A few years ago at another place I found I was updating records on the 400 thru Access, however now when I do the same thing all files are unchanged.<< It depends on which ODBC driver you are using. Some ODBC drivers are read only, the others allow update. CLient Access has both kinds, but I believe the default package installs the read only version.

>2. What is proper security for end-users to prevent them from changing records? If I create a profile with read only data authorities to the library and force them to use that with ODBC, would that do it?<<

The two most widely discussed methods are to use an Adopted authority scheme that only allows updates via a stored procedure, or to implement exit programs that regulate update ability from network interfaces. You can write your own or buy one of the several that are available in the marketplace. I'm not quite sure how you could "force" them to only use your read only program. If they know a valid user profile (that has *CHANGE authority to the data) and a password, anyone could sign on and change data jte