VIEWS AND SECURITY - IBM Mainframe

As mentioned earlier views can be used to prevent users from accessing data that are not relevant to them. For example a view of the employee master table can be created without the confidential details like the salary and perks, the appraisal results, etc. This view can be used by the data entry clerks for getting information they need for their day-to-day activities. The same view can be used to update the columns like address if some changes occur. Thus view if used effectively can be an efficient security mechanism.

But one drawback of the view is that when a row is INSERTed or UPDATEd through a view, DB2 does not require the new or updated row to satisfy the view-defining condition. It is possible to impose such a restriction with WITH CHECK option. But if WITH CHECK option is not specified, the user can do an INSERT or UPDATE of any column of the base table, but ironically this wont reflect in the view. So the clerk in the personnel department can modify the salary details of any employee even though he cannot see the results of his actions.


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

IBM Mainframe Topics