iBase files on the network (permissions)

The iBase security file and database are managed through the security (.ids) and database (.idb) files.

For Microsoft™ Access format security files and databases, the .ids and .idb files contain all the data in the iBase system (apart from the audit log data held in the .idl file). However, when you use the SQL Server format security file and databases, these files contain only the information that is required to connect to the SQL Server instance and databases. All other data is stored within the SQL Server databases.

For successful operation of iBase, all users need the ability to create and delete files in the folder that contains the security file and database. This is because iBase creates and deletes multi-user lock files in this folder.

It is important for both access control and normal system management that users are prevented from deleting the security (.ids) and database (.idb) files. You should apply security settings to these folders and files to prevent this.

The access permissions that are required on the iBase security file and database depends on whether Microsoft Access or SQL Server is in use for storing the data:

• It is necessary for iBase to write to the Access format security file whenever a user logs in to the security file because a Microsoft Access format security file contains the Security Audit log.
• When an SQL Server format security file is used, iBase only needs to write to the Microsoft Access connection file when the database properties or connection details are changed. This operation can be performed through iBase Designer or the Database Configuration utility by an iBase user with both the Security Administrator and Database Administrator roles only.

The following tables detail the permissions necessary on the folder, security file, and database files for the various configurations and roles in the iBase system.