Viewing security settings and properties
The security files that are supplied with iBase are examples only. You should inspect the contents of these files, but create a new security file before you implement your own security scheme and creating databases.
Viewing the properties of a security file
Any user can review the properties of the security file:
In iBase Designer, select File Security File Properties.
The Security File Properties dialog displays the format of the security file and its location. If the security file is SQL Server format, it displays the connection details for the associated SQL Server database. See Creating an SQL Server Security File for further details.
Viewing the existing security settings
To view the existing settings in the security file:
In iBase Designer, log on to the security file for the relevant database. If your installation does not yet have a customized security file, you can view the one supplied with the iBase User Guide database. See About the User Guide Database.
Select Security > Security Manager. To display the permissions of a Database Management group, select the group and click Edit.
In an existing security file, other types of group might exist. To display their permissions, select one of these commands from the Security menu:
System Commands Access Control
Data Access Control
You can also produce a Security Design report:
Select Security > Security Design report.
Select the information to include in the report.
About the settings in a new security file
If you have a newly created a new security file, it has one administrative user called, SYSADMIN (with password SYSADMIN). This user has all database management permissions as a result of membership of the System Administrators group. The security file also contains a range of database management groups but no security policy.
Database management groups are necessary to all iBase databases. A user who does not belong to any database management group has only read-only permissions in the database. To grant a user additional permissions, you must add them as member of a database management group with the extra permissions they need.
There are three default database management groups. In the Security Manager, click the Groups tab to display these. You can display and edit the described permissions to match your own needs:
Group | Members of the group... |
---|---|
System Administrators | Have full database permissions. |
Users | Able to create and modify data, and perform analysis by creating and saving sets, queries, and so on. |
Guests | Cannot modify any data but can create and save analysis items. |
The default security file also contains optional System Commands Access Control groups. The following groups are defined (but these are examples only, and can be added to, changed or deleted as required):
Group | Members of the group can... |
---|---|
Browse Users | Run queries, search text, and chart data to Analyst's Notebook. In SQL Server databases, they can add alert definitions and view the history of records. |
Data Entry Commands | In SQL Server databases, they can add alert definitions and view the history of records. |
Read Only Users | Perform basic and advanced analysis that involves searching, defining queries, sets, and scored matching. In SQL Server databases, they can add alert definitions and view the history of records. |
Standard Users | Perform basic and advanced analysis, create records and define reports. |
Super Users | Perform all iBase tasks (including import, export, and manage cases), apart from destructive operations on groups of records: batch edit, batch delete, merging entities, purge, and restore soft deleted records. |
To view these groups, in iBase Designer, select Security > System Commands Access Control.