Home » Products » Surveyor/400 » Security

Security

Surveyor/400 provides role-based access and extensive security controls

You are taking great risks if your users have ODBC connections to your IBM i (iSeries) through tools like MS Access or Excel. With unprotected ODBC connections, it is very easy for someone to access unauthorized data or accidentally change and delete database records. Surveyor/400 is a much better solution for providing access to IBM i data while maintaining database security and integrity.

A user must specify a valid IBM i User ID and password within Surveyor/400 to connect to an IBM i system. Surveyor/400 will honor any existing OS/400 user authorities specified for the objects and libraries on the system. In other words, if a user is not authorized to an object on the system, then they will not be able to access this object through Surveyor/400.

In addition to normal OS/400 security, Surveyor/400 allows an administrator to further restrict a user (or group of users) to specific:

  • Surveyor/400 features
  • Libraries
  • Database files
  • Fields within a Database file
  • Records within a Database file

For example, you can give a user the ability to view and download information from the IBM i, but restrict their access from changing or uploading data.

All connections to databases and work done through the terminal emulator in Surveyor/400 can be protected using SSL. Many companies have encryption policies in place to protect data. Protecting your connections not only helps with meeting security policies, but prevents anyone from gaining access to resources through an unsecured connections.

By creating custom File Layouts in the Surveyor/400 File Editor, you can hide fields and records within database files. These custom File Layouts can be granted to authorized users (or groups of users) for viewing, printing and exporting (downloading) database records.

Each IBM i machine (or LPAR) is configured with its own user authority settings. For instance, a Surveyor/400 user could be granted access rights to modify database records on a development box, but can be restricted from modifying database records on a production machine.