Alerting security

Alerting complies with the security that you have set up for your iBase system and case-control (if used). This means that users cannot be added as subscribers to alert definitions that would give them access to denied records. Specifically, when a user adds an alert definition, the only users eligible to subscribe are users who can see the same (or a wider range of) records, entity types, link types, and fields as the user adding the alert definition.

Alert definitions are updated whenever group permissions are changed in the security file. This update occurs after exiting from iBase Designer and when any user next opens the database in iBase or iBase Designer. For this reason, after making security changes and logging off, reopen the database as soon as possible to apply the changes.

Changes to user permissions can mean two things:
  • If the user is a subscriber, then they are automatically unsubscribed from any alerts that monitor the denied item. This also means that the user can no longer view the details of any alerts already in their alerting Inbox.
  • If the user is the owner of the alert definition, then the alert definition is automatically deleted. This also means that subscribers can no longer view the details of any alerts already in their alerting Inbox.
No sensitive information is included in an email alert. The information is restricted to the name of the alert and the emails are recorded in the audit log.
You can also deny users the right to add alert definitions or the right to add alert definitions that send emails. In iBase Designer, select Security > System Commands Access Control command, and on the Access Denied page, turn on:
  • Alerting to deny permission to add alert definitions
  • Alert Email Notifications check box to deny the permission to send email alerts.
Note: Alerting applies only to records in the main database and not to any database subsets. However, when the database subset is synchronized with the main database, alerts will be raised in the usual way on any records that are modified as a result of the synchronization.
Attention: Exporting data as XML will not raise alerts because of the large volume of data that may be exported (potentially all the records in the database).