Checking user permissions
Each user's permissions are displayed in the User permission dialog. Use this dialog to check what actions can be performed in iBase. You can perform an action if there is a check mark in the box to the left of that action. These permissions are part of the database design; they cannot be changed in this dialog.
The following objects are folder objects, and are subject to the folder object permissions set for the user account.
- Browse definitions
- Queries and Scored matching (definitions)
- Sets
- Report definitions
- Import and export specifications
- Import and export batch specifications
- Charting schemes
Note: Labeling schemes and alert definitions are not folder objects.
The user permissions are described below.
Permission | When turned on | When turned off |
Add Entity/Link Records | You can add new records to the database. | You can find, browse, and show the records in the database but you cannot add any new ones, either individually or by importing them. |
Update Entity/Link Records | You can edit records that you have added. | Once you have added a new record, you cannot change it in any way. This includes batch editing, assigning new icons, and merging. Note: Users who can apply icon shading will also be able to assign icons. |
Delete Entity/Link Records | You can delete records that you have added. | Once you have added a new record, you cannot delete it, either individually or by using batch delete. |
Update/Delete Entity/Link Records created by other users | You can edit and delete any record in the database. | You cannot edit or delete records created by other users. |
Add Folder Objects | You can add new sets, and save queries, report definitions, import specifications, and so on that you add yourself. | You can run queries, reports, and so on, either by using definitions created by other users or by using new definitions of your own. You cannot save your definitions. |
Update Folder Objects | For folder objects created by you, you can edit existing queries, report definitions, import specifications, and so on. You can also edit the contents of existing sets, including appending records to existing sets. | Once you have added a new folder object, you cannot edit it. |
Delete Folder Objects | You can delete folder objects that you added yourself. | Once you have added a new folder object, you cannot delete it. |
Update/Delete Restricted Folder Objects created by other users | You can update and delete restricted folder objects created by other users. | You cannot update or delete restricted folder objects created by other users. |
Update/Delete Public Folder Objects created by other users | You can update and delete public folder objects created by other users. | You cannot update or delete restricted folder objects created by other users. |
Database Creator, Database Administrator, Security Administrator | A system role that is only relevant when using iBase Designer. See below for details. | |
Audit Administrator | The Audit Administrator role is not administrative. Instead, it allows a user with this permission to view the records displayed and modified by other users who are defined as having a restricted audit log. | |
Note: The folder object actions (Add Folder Objects, for example) apply to folder objects in general. There is also access control on individual folder objects, based on membership of Folder Object Control Groups.
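The table separates objects you created from objects created by other users, and restricted from public folder objects. The following added example (a model written for this page, not iBase code) turns those rows into a decision function so you can see which permission governs a given update or delete. The `Obj` descriptor, the function names, and the sample data are assumptions; Folder Object Control Groups are not modelled.

```python
from dataclasses import dataclass

# Permission names copied from the table above.
OWN = {("record", "update"): "Update Entity/Link Records",
       ("record", "delete"): "Delete Entity/Link Records",
       ("folder", "update"): "Update Folder Objects",
       ("folder", "delete"): "Delete Folder Objects"}
OTHERS_RECORDS = "Update/Delete Entity/Link Records created by other users"
OTHERS_FOLDER = {
    "restricted": "Update/Delete Restricted Folder Objects created by other users",
    "public": "Update/Delete Public Folder Objects created by other users"}

@dataclass(frozen=True)
class Obj:                       # hypothetical record / folder object descriptor
    name: str
    kind: str                    # "record" or "folder"
    owner: str                   # account that created the object
    visibility: str = "public"   # folder objects only: "public" or "restricted"

def required_permission(user: str, action: str, obj: Obj) -> str:
    """Return the permission from the table that governs this action."""
    if obj.owner == user:
        return OWN[(obj.kind, action)]
    if obj.kind == "record":
        return OTHERS_RECORDS
    return OTHERS_FOLDER[obj.visibility]

def allowed(granted: set, user: str, action: str, obj: Obj) -> bool:
    # Assumption: holding the governing permission is sufficient on its own.
    return required_permission(user, action, obj) in granted

def alterable_foreign_objects(granted: set, user: str, objects: list) -> list:
    """Names of objects created by others that this account can update or delete."""
    return sorted(o.name for o in objects
                  if o.owner != user and allowed(granted, user, "update", o))

# Constructed sample data (not taken from any real database).
OBJECTS = [Obj("Person 17", "record", "alice"),
           Obj("Vehicle 4", "record", "bob"),
           Obj("Weekly query", "folder", "bob", "public"),
           Obj("Case set", "folder", "bob", "restricted")]
ALICE = {"Add Entity/Link Records", "Update Entity/Link Records",
         "Update Folder Objects", OTHERS_FOLDER["public"]}

if __name__ == "__main__":
    print(alterable_foreign_objects(ALICE, "alice", OBJECTS))
    print(allowed(ALICE, "alice", "delete", OBJECTS[0]))
```

When reviewing an account in the User permission dialog, the three "created by other users" permissions are the ones that extend its reach beyond its own records and folder objects.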
There are three system roles:
- Database Creator
- Database Administrator
- Security Administrator
Note: Audit Administrator is not a system role.
These roles are not modified in any way by the other types of iBase security groups. As supplied, iBase gives all these roles to members of the System Administrators group, which is suitable where you intend a small number of people to be able to perform all roles including database design, security administration, and maintenance of data integrity in operational databases.
It is possible to create groups that partition the overall administration capability. For example, you can create:
- Database Designers, able to create database designs but not access data.
- Security Administrators, able to create groups, manage users, and monitor audit logs, but not access data.
- Database Managers, able to change data and folder objects for the purposes of resolving conflicts, weeding or archiving old data, and generally maintaining the operational efficiency and relevance of a live database, but not manage users.