Journal logo

An Introduction to Row Column Access Control (RCAC) and Its Working in IBM iSeries?

Row and column access control working flow in IBM iSeries

By Integrative SystemsPublished about a year ago 4 min read

Field level security in IBM AS400 iSeries permits you to protect data in the legacy application without putting application stability at risk. The feature is implemented so that limiting the data access doesn't require much re-development and reduces the errors in complex application logic.

These specific securities present an essential chance to instantly safeguard vulnerable data in legacy applications without changing the application layer.

The field-level security introduced by IBM iSeries is known as Row Column Access Control (RCAC). The feature is launched for the 7.2 version, and it offers crucial options for organizations running IBM AS/400 iSeries, offering a practical tool without radically streamlining user access. RCAC is a simple and powerful feature that controls risks hovering under the radar and remains unknown to companies that have integrated IBM iSeries for a long time.

Row and column access control (RCAC) provide a data-centric option to maintain data security. It places access control around the data, and the generated SQL rules are based on its execution capabilities.

The blog will tell you about Row and column access control (RCAC).

The Advantages of RCAC in IBM iSeries

The old version of IBM iSeries only supported menu level security and only had options to control menus. Still, after having access to that part of the system, there was no option to integrated granular controls in that part of the system.

But RCAC has provided a solution to this, as it supports the database layer security. In the older version of IBM iSeries, the access permission was managed on menu level, i.e., a user will have access to whole data or none of it.

RCAC offers a more granular control feature so that users' entry on certain parts can be restricted or have valid login credentials to access that part.

The functionality is implemented through SQL-based rules applied on the database layer. Field permissions are checked whenever any query comes to the system, either internally from the IBM iSeries application or externally. If the appropriate user doesn't have the right to use a given row/column, their query will not receive any data from these regulated fields.

How RCAC Works

RCAC functionality can be activated after installing the IBM advanced data security (5770SS1) module for IBM iSeries:

1. Operators designated as database managers can allocate Row and column-level permissions for access.

2. Authorizations can be centred on the user or group for the role-based controller.

3. Authorizations can also be attached to temporary variables, such as the number of days entered by a given row and an account's total size or order.

4. Any number of instances can be increased in the same table, permitting for intersecting rules.

Implications for RCAC: Better Security control While Keeping Simple Access

Many older corporate applications were not designed with security at the field level in mind. However, data protection regimes such as GDPR, CCPA, and others increase the need for a much more robust data protection mechanism.

RCAC enables for exact extension of this security, limiting access to sensitive data without drastically reorganizing user access.

Notably, the original query does not provide an error message when access to a particular row/column is denied. Asterisks are returned instead. This ensures that the IBM iSeries program that accesses this data continues to function normally; only access to protected information is impacted. As a result, RCAC permissions enable a focused form of access.

This means RCAC permissions provide a targeted method for protecting sensitive data that doesn't require heavily modifying existing applications.

An option to keep this data safe is to implement a new table containing orders exposed to complex financial data and then alter the application to use the new table.

But this approach is costly and time-consuming in comparison to implementing some RCAC controls generally. In this scenario, secure access to a few sectors of financial data offers a clear path for data protection. And it does so without overturning a hypothetically complicated series of authorizations that works for sales, accounting, and customer support.

This ability to safeguard specific data without jeopardizing application stability brings up new possibilities for businesses looking to improve data security without re-designing data access across the board.

IBM iSeries AS400 presents a strong value proposition for enterprises looking for a simplified administrative workload for IT systems as a fully integrated enterprise technology platform. RCAC is ideal for this type of operation since it allows a single administrator to set up control fast and easily without jeopardizing the whole system's reliability.

The IBM iSeries implementation of RCAC is designed for the reality that changing data access rights for mission-critical systems can be complex and time-consuming.

I hope you have understood the importance of RCAC in the IBM iSeries. If you are still left with any queries, feel free to connect with the experts at [email protected].


About the Creator

Reader insights

Be the first to share your insights about this piece.

How does it work?

Add your insights


There are no comments for this story

Be the first to respond and start the conversation.

Sign in to comment

    Find us on social media

    Miscellaneous links

    • Explore
    • Contact
    • Privacy Policy
    • Terms of Use
    • Support

    © 2023 Creatd, Inc. All Rights Reserved.