Using logical files to secure data

You can use logical files to prevent data in physical files from being read or changed.

You can use a logical file to prevent a field in a physical file from being read. This is accomplished by describing a logical file record format that does not include fields that you do not want the user to see.

You can also use a logical file to prevent one or more fields from being changed in a physical file by specifying, for those fields you want to protect, an I (input only) in position 38 of the DDS form.

You can use a logical file to secure records in a physical file based on the contents of one or more fields in that record. To secure records based on the contents of a field, use the select and omit keywords when describing the logical file.

To read data in a physical file through a logical file, you need object operational and read authorities to the logical file and read authority to the physical file.

To change (add, update, or delete) data in a physical file through a logical file, you need object operational and appropriate data authorities to the logical file and appropriate data authority to the physical file.

To change file authorities, you can use the Edit Object Authority (EDTOBJAUT) command.

The following example illustrates how logical files can be used to secure data:

1. Create a physical file.
   1. Enter DDS for physical file PF into source file DDSSRC. DDSSRC is in the SAMPLE library:

      |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8
      00010A          R FORMAT1
      00020A          F1              1A
      00030A          F2              1A
      00040A          F3              1A
      00050A          F4              1A

   2. Create PF in the SAMPLE library:

      CRTPF FILE(SAMPLE/PF) SRCFILE(SAMPLE/DDSSRC)

   3. Insert the following records into PF:

      INSERT INTO SAMPLE/PF VALUES('A', 'A', 'A', 'A')
      INSERT INTO SAMPLE/PF VALUES('B', 'B', 'B', 'B') 

2. Create a logical file to allow access to only some fields in the physical file.
   1. Enter DDS for logical file LF1 into source file DDSSRC:

      |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8
      00010A          R FORMAT1                   PFILE(SAMPLE/PF)
      00020A            F1
      00030A            F2 

   2. Create LF1 in the SAMPLE library:

      CRTLF FILE(SAMPLE/LF1) SRCFILE(SAMPLE/DDSSRC)

   3. Use the following SQL statement:

      SELECT * from SAMPLE/LF1

      Only data for fields F1 and F2 is returned.

3. Create a logical file to allow access to only the data that meets the specified condition in the physical file.
   1. Enter DDS for logical file LF2 into source file DDSSRC:

      |...+....1....+....2....+....3....+....4....+....5....+....6....+....7....+....8
      00010A          R FORMAT1                   PFILE(SAMPLE/PF)
      00020A            F1
      00030A            F2
      00040A          K F1
      00050A          S F1                        COMP(EQ 'A')

   2. Create LF2 in the SAMPLE library:

      CRTLF FILE(SAMPLE/LF2) SRCFILE(SAMPLE/DDSSRC) SRCMBR(LF1)

   3. Use the following SQL statement:

      SELECT * from SAMPLE/LF2

      Only records where F1 equals 'A' are returned.