22 Object Security Policies

Application security protects information assets only for users operating within the application. Without object-level security in place, users could bypass application security by accessing data directly, without going through the application. Software tools like Query/400, JDBC, and SQL can be used for this purpose if they are not restricted.

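This chapter contains these topics:

- Section 22.1, "File Objects"
- Section 22.2, "Program Objects"
- Section 22.3, "Adopted Authority"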

22.1 File Objects

Oracle recommends that applications use the security enforcement mechanisms of the IBM i database as far as possible because this security cannot be bypassed. Where practical, set up authorization at the library level rather than at the individual file object level to reduce the security administration workload.

22.2 Program Objects

Protect program objects from unauthorized recompilation by securing or removing source code from production systems, and by controlling the promotion path for changed programs. Restrict programs that perform massive or risky updates so that general users cannot access them.

22.3 Adopted Authority

Use program objects to securely perform tasks that users are not normally allowed to do. Use adopted authority to let users perform tasks that should be controlled through a program, rather than granting that authority directly to their user profiles.
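
The following CL sequence is an added example, not taken from the Oracle documentation, showing how the three policies in this chapter fit together on IBM i. The library names PRODDTA and PRODOBJ, the program UPDMASTER, the owner profile APPOWNER and the group profile APPUSERS are hypothetical; it assumes the files in PRODDTA are owned by APPOWNER and that APPUSERS already has *USE authority to PRODOBJ.

```cl
/* Hypothetical names: PRODDTA (data library), PRODOBJ (program library), */
/* UPDMASTER (update program), APPOWNER (owner), APPUSERS (group).        */

/* 22.1 File Objects: authorize at the library level.                     */
/* With *PUBLIC excluded from the data library, a direct Query/400, JDBC  */
/* or SQL request under a user's own profile fails the library check.     */
CRTUSRPRF  USRPRF(APPOWNER) PASSWORD(*NONE) +
             TEXT('Application object owner, no sign-on')
CHGOBJOWN  OBJ(PRODDTA) OBJTYPE(*LIB) NEWOWN(APPOWNER)
GRTOBJAUT  OBJ(PRODDTA) OBJTYPE(*LIB) USER(*PUBLIC) +
             AUT(*EXCLUDE) REPLACE(*YES)

/* 22.3 Adopted Authority: the program runs with its owner's authority,   */
/* so users reach PRODDTA only through it. USEADPAUT(*NO) stops it from   */
/* inheriting authority adopted by programs earlier in the call stack.    */
CHGOBJOWN  OBJ(PRODOBJ/UPDMASTER) OBJTYPE(*PGM) NEWOWN(APPOWNER)
CHGPGM     PGM(PRODOBJ/UPDMASTER) USRPRF(*OWNER) USEADPAUT(*NO)

/* 22.2 Program Objects: keep a risky update program away from general    */
/* users and allow only the intended group to call it.                    */
GRTOBJAUT  OBJ(PRODOBJ/UPDMASTER) OBJTYPE(*PGM) USER(*PUBLIC) +
             AUT(*EXCLUDE) REPLACE(*YES)
GRTOBJAUT  OBJ(PRODOBJ/UPDMASTER) OBJTYPE(*PGM) USER(APPUSERS) AUT(*USE)

/* Review: list every program that adopts APPOWNER, and confirm the       */
/* authorities now in effect on the data library.                         */
DSPPGMADP  USRPRF(APPOWNER) OUTPUT(*PRINT)
DSPOBJAUT  OBJ(PRODDTA) OBJTYPE(*LIB) OUTPUT(*PRINT)
```

Re-run the DSPPGMADP review after each program promotion, because every program that adopts the owner profile is a path into the excluded library.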