i can

Dawn May

Dawn May

Bookmark and Share

October 2014

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

« Three Years of 'i Can' | Main | Functional Usage Capabilities, Part 2 »

August 20, 2012


Where can I find detailed documentation that describes exactly what each of these FUNCTION IDs controls?
Does one of the available function IDs allow me to control interactive SQL usage. I have some users (new programmers, support people,etc. where I want to prohibit the DELETE, UPDATE, CREATE operations but allow a SELECT operation.

The options in WRKFCNUSG are also available in iNav. Right click on the system name and select Application Administration.

Alas, there are no capabilities to restrict types of SQL selections. However, if you don't allow your users to use STRSQL, but instead restrict them to STRQM you can
10. Work with Query Manager profiles
Page down to bottom.
Select allowed SQL statements
There you have the control requested.
Caution: If your users get into STRSQL, or iNav's "Run SQL Scripts" or any number of tools outside of STRQM these restrictions do not apply.

It's taken me a LONG time, but there's now an article on developerWorks about IBM i function usage capabilities along with a reference PDF that documents all the function usage IDs.

The article is "Granular security control with function usage" and can be found here -


The comments to this entry are closed.