Managing security
You can define a security policy and create new users and security groups using the Security Manager. All groups have users as members.
A particular user can be a member of any number of groups, of any types. The user gains the properties defined for all the groups in which they are a member.
You can also set the other properties of database management groups, and change users' passwords or active status.
Creating a security policy
The security policy specifies rules for adding and changing passwords that apply only to user accounts with iBase user names - they do not apply to users that can log on with single sign-on. For further details, see Creating a security policy.
Types of security group
There are four different types of security group:
- Database Management
A database management group controls read, write, update, and delete permissions to, for example, entities, links, and folder objects. The properties are set in the Group dialog.
- System Command Access Control
A system command access control group denies access to specific iBase commands. This provides finer control over the actions a user can perform. Denied commands are typically hidden from the user. The properties are set in the System Commands Access Control dialog.
- Data Access Control
A Data Access Control (DAC) group controls permissions related to entities, links, and fields in each database. This allows a very fine control of how individual pieces of data are made visible to, or modifiable by, groups of users. The properties are set in the Data Access Control dialog.
- Folder Object Control
This has no management properties set in iBase Designer. Users define the usage for groups of this type, using the Categorize dialog and settings made in the Options dialog.
Creating users and groups
To create a new user:
Select Security > Security Manager.
Click the Users tab. The Users page is displayed listing any existing users.
Click New to display the User dialog where you can enter the user details. For further information, see Creating users.
To create a group:
Select Security > Security Manager.
Click the Groups tab. The Groups page is displayed listing any existing groups.
Click New to display the Group dialog where you can choose the type of group and define its properties. For further details, see Creating security groups.
Inspecting users and groups
To view the:
Database management permissions for a user: on the Users page, right-click on a user name, and from the shortcut menu, select User Permissions. See Checking user permissions for details.
Groups a user belongs to: on the Users page, double-click on the user name to list the groups. The user is inactive if there is no plus sign next to it.
Users belonging to a group: on the Groups page, double-click on the security group type, and then double-click on the particular group.
Editing and deleting users
You can edit and delete users on the Users page of the Security Manager dialog.
To make a user a member of additional groups, edit their database management permissions, or make them inactive:
Select Security > Security Manager.
On the Users page, select the user name.
Click Edit. See Creating users for details.
To remove a user's membership of one or more groups:
Select Security > Security Manager.
On the Users page, select the group.
Right-click, and select Remove.
Note: A user must belong to at least one group otherwise they will not be able to log on.
You can also delete a user and remove any record of this user from the database. For details of the consequences of deleting user accounts, see Creating users; you may prefer to make the account inactive instead.
Editing and deleting groups
You can do the following on the Groups page of the Security Manager dialog.
To add users to a group:
Select Security > Security Manager.
On the Groups page, locate the group by double-clicking on the appropriate type of security group and then select the group.
Click Edit to display the Group dialog. See Creating users for further details.
To remove users from a group:
Select Security > Security Manager.
On the Groups page, locate the group by double-clicking on the appropriate type of security group and then double-click on the group to lists its members.
Right-click on a user, and from the shortcut menu, select Remove.
To delete a group:
Remove all the users from the group as described above.
Select the group and click Delete.