Logical access to iBase (roles)

iBase application security provides three system roles to control a user’s access to the database design and administration functions in iBase Designer. To manage access, you need to ensure that users have the appropriate roles.

Descriptions of system roles

Role Description
Database Creator This role should only be granted to users who need to create databases.
Database Administrator This role allows a user to create and modify the definition of the database by adding, amending, and deleting the information that defines the entity and link types and the associated information. It also allows users to complete database administration tasks. A member of a group with this role can see the complete definition of the database and can view records. This is essential to allow a user to define and maintain the database.
Security Administrator This role allows a user to create and modify group definitions and their access settings. It also allows a user to use Audit Viewer to manage audit logs. Security administrators cannot list records in iBase Designer; but they can list records in iBase and show individual records.
A user who through group membership has all three roles along with the full set of database management permissions is known as a System Administrator and has rights to complete any task in iBase. For detailed information on setting up administrative users, see the Administration Center document Security Files, Users and Groups.

To design and administer the database, a user must be able to see the structure of the data. Any user to whom you grant access to iBase Designer using an iBase user name with a Database Administrator or System Administrator role is able to examine the entity and link types. An iBase System Administrator always has access to all of the data records to be able to check that changes they make are working as they expect. In contrast, an iBase Database Administrator can be denied access to all or specified records in iBase by a Security Administrator, but this might complicate database administration.

You should minimize the number of people who are given user accounts that include Database Administrator or Security Administrator roles.