Showcase 9 Row Security is set to a specific user, but somehow the user bypasses the security when running queries. The user is a normal *USER class profile and does not have *ALLOBJ special authority.
Solution
Run Warehouse Manager client and search the Data Administrators for either the specific profile or *PUBLIC or a group profile that the user is a member of.
The purpose of a Data Administrator is to allow users to edit Showcase security, even if they aren't *ALLOBJ profiles. Thus, Data Administrators bypass Showcase security, because they are treated as though they are ShowCase security administrators.
With *ALLOBJ profiles, you can force them to use Showcase security from the Server Options. However, since a Data Administrator is already considered an override of a user profile's special authority, *ALLOBJ settings are ignored and the user is able to bypass security anyway.
If a customer has quite a few Data Administrators, or wants to create a report to show who is a Data Administrator, you can give them this SQL:
SELECT AIAPP, AIGRP, AIKEYWD, AIVALUE, AITYPE, AICHGALW, AIPID, AICHGID FROM SCSERVER.SCAPLINI WHERE AIAPP = '*SHOWCASE'
For the reasons given above, we highly recommend that customers use the Data Administrators setting with caution and only when there is no other alternative. See the Showcase 9 Administrator's Guide for more information on Showcase security and to help develop a security strategy.
