IBM Support

RESTRICT ON DROP

News


Abstract

Database files are at the heart of the business for many IBM i clients. While specific authorization requirements exist to be able to delete any object on the IBM i, database files, functions, and procedures can now enjoy an added layer of protection from accidental or malicious delete actions.

Content

RESTRICT ON DROP is an attribute that can be added or removed using the ALTER TABLE (SQL) statement. When RESTRICT ON DROP is added, nobody will be allowed to delete or drop that file. Even users with *ALLOBJ user special authority will not be allowed to delete the file.

This protection can be used to protect SQL Tables and DDS-Created Database Physical Files.

If a valid situation exists where the file needs to be deleted, the ALTER TABLE (SQL) statement can be used to remove RESTRICT ON DROP.

The RESTRICT ON DROP support has been extended to include SQL-defined functions and procedures.

Enhanced with IBM i 7.5 SF99950 Level 4:

  • Add WITH RESTRICT ON DROP support for database SQL & External routines (procedures and functions)
Enhanced with IBM i 7.5 SF99950 Level 1:
  • Add RESTRICT ON DROP support for database files

See the SQL Reference for details:
CREATE TABLE and ALTER TABLE

image-20230407123702-1
image-20230407130120-2

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHeAAM","label":"IBM i Db2"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.5.0;and future releases"}]

Document Information

Modified date:
10 April 2023

UID

ibm16575527

Page Feedback