Showcase 9 Row Security is set to a specific user, but somehow the user bypasses the security when running queries. The user is a normal *USER class profile and does not have *ALLOBJ special authority.

Solution

Run Warehouse Manager client and search the Data Administrators for either the specific profile or *PUBLIC or a group profile that the user is a member of.

The purpose of a Data Administrator is to allow users to edit Showcase security, even if they aren't *ALLOBJ profiles. Thus, Data Administrators bypass Showcase security, because they are treated as though they are ShowCase security administrators.

With *ALLOBJ profiles, you can force them to use Showcase security from the Server Options. However, since a Data Administrator is already considered an override of a user profile's special authority, *ALLOBJ settings are ignored and the user is able to bypass security anyway.

If a customer has quite a few Data Administrators, or wants to create a report to show who is a Data Administrator, you can give them this SQL:

SELECT AIAPP, AIGRP, AIKEYWD, AIVALUE, AITYPE, AICHGALW, AIPID, AICHGID FROM SCSERVER.SCAPLINI WHERE AIAPP = '*SHOWCASE'

For the reasons given above, we highly recommend that customers use the Data Administrators setting with caution and only when there is no other alternative. See the Showcase 9 Administrator's Guide for more information on Showcase security and to help develop a security strategy.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: January 29, 2021