Checking user permissions

Each user's permissions are displayed in the User permission dialog, you use this dialog to check what actions can be performed in iBase. You can perform an action if there is a check mark in the box to the left of each action. These permissions are part of the database design; they cannot be changed in this dialog.

The following objects are folder objects, and are subject to the folder object permissions set for the user account.

  • Browse definitions

  • Queries and Scored matching (definitions)

  • Sets

  • Report definitions

  • Import and export specifications

  • Import and export batch specifications

  • Charting schemes

Note: Labeling schemes and alert definitions are not folder objects.

The user permissions are described below.

Permission

When turned on

When turned off

Add Entity/Link Records

You can add new records to the database.

You can find, browse, and show the records in the database but you cannot add any new ones, either individually or by importing them.

Update Entity/Link Records

You can edit records that you have added.

Once you have added a new record, you cannot change it in any way. This includes batch editing, assigning new icons, and merging. (Note: Users who can apply icon shading will also be able to assign icons.)

Delete Entity/Link Records

You can delete records that you have added.

Once you have added a new record, you cannot delete it, either individually or by using batch delete.

Update/Delete Entity/Link Records created by other users

You can edit and delete any record in the database.

You cannot edit or delete records created by other users.

Add Folder Objects

You can add new sets, and save queries, report definitions, import specifications, and so on that you add yourself.

You can run queries, reports, and so on, either by using definitions created by other users or by using new definitions of your own. You cannot save your definitions.

Update Folder Objects

For folder objects created by you, you can edit existing queries, report definitions, import specifications, and so on. You can also edit the contents of existing sets, including appending records to existing sets.

Once you have added a new folder object, you cannot edit it.

Delete Folder Objects

You can delete folder objects that you added yourself.

Once you have added a new folder object, you cannot delete it.

Update/Delete Restricted Folder Objects created by other users

You can update and delete restricted folder objects created by other users.

You cannot update or delete restricted folder objects created by other users.

Update/Delete Public Folder Objects created by other users

You can update and delete public folder objects created by other users.

You cannot update or delete restricted folder objects created by other users.

Database Creator, Database Administrator, Security Administrator

A system role that is only relevant when using iBase Designer. See below for details.

Audit Administrator

The Audit Administrator role is not administrative. Instead, it allows a user with this permission to view the records displayed and modified by other users who are defined as having a restricted audit log.

Note: The folder objects actions (as in Add Folder Objects for example) apply to folder objects in general. There is also access control on individual folder objects based on the membership of Folder Object Control Groups.

There are three system roles:

  • Database Creator

  • Database Administrator

  • Security Administrator

Note: Audit Administrator is not a system role.

These roles are not modified in any way by the other types of iBase security groups. As supplied, iBase gives all these roles to members of the System Administrators group, which is suitable where you intend a small number of people to be able to perform all roles including database design, security administration, and maintenance of data integrity in operational databases.

It is possible to create groups that partition the overall administration capability. For example, you can create:

  • Database Designers able to create database designs but not access data.

  • Security Administrators able to create groups, manage users, and monitor audit logs, but not access data.

  • Database Managers, able to change data and folder objects for the purposes of resolving conflicts, weeding or archiving old data, and generally maintaining the operational efficiency and relevance of a live database, but not manage users.