Managing security
You can define a security policy and create new users and security groups using the Security Manager. All groups have users as members.
A particular user can be a member of any number of groups, of any types. The user gains the properties defined for all the groups in which they are a member.
You can also set the other properties of database management groups, and change users' passwords or active status.
Creating a security policy
The security policy specifies rules for adding and changing passwords that apply only to user accounts with iBase user names - they do not apply to users that can log on with single sign-on. For further details, see Creating a security policy.
Types of security group
Type | Description |
---|---|
Database Management | A database management group controls read, write, update, and delete permissions to, for
example, entities, links, and folder objects. The properties are set in the Group dialog. See Creating security groups for details. |
System Command Access Control | A system command access control group denies access to specific iBase commands. This
provides finer control over the actions a user can perform. Denied commands are typically hidden
from the user. The properties are set in the System Commands Access Control dialog. See Setting up System Commands Access Control groups for details. |
Data Access Control | A Data Access Control ( DAC) group controls permissions related to entities, links, and
fields in each database. This allows a very fine control of how individual pieces of data are made
visible to, or modifiable by, groups of users. The properties are set in the Data Access Control
dialog. See Setting up Data Access Control groups for details. |
Folder Object Control | This has no management properties set in iBase Designer. Users define the usage for groups
of this type, using the Categorize dialog and settings made in the Options dialog. See Working with categories for details. |
Creating users and groups
- Select .
- Click the Users tab. The Users page is displayed listing any existing users.
- Click New to display the User dialog where you can enter the user details. For further information, see Creating users.
- Select .
- Click the Groups tab. The Groups page is displayed listing any existing groups.
- Click New to display the Group dialog where you can choose the type of group and define its properties. For further details, see Creating security groups.
Inspecting users and groups
- Database management permissions for a user: on the Users page, right-click on a user name, and from the shortcut menu, select User Permissions. See Checking user permissions for details.
- Groups a user belongs to: on the Users page, double-click on the user name to list the groups. The user is inactive if there is no plus sign next to it.
- Users belonging to a group: on the Groups page, double-click on the security group type, and then double-click on the particular group.
Editing and deleting users
You can edit and delete users on the Users page of the Security Manager dialog.
- Select .
- On the Users page, select the user name.
- Click Edit. See Creating users for details.
- Select .
- On the Users page, select the group.
- Right-click, and select Remove.
You can also delete a user and remove any record of this user from the database. For details of the consequences of deleting user accounts, see Creating users; you may prefer to make the account inactive instead.
Editing and deleting groups
You can do the following on the Groups page of the Security Manager dialog.
- Select .
- On the Groups page, locate the group by double-clicking on the appropriate type of security group and then select the group.
- Click Edit to display the Group dialog. See Creating users for further details.
- Select .
- On the Groups page, locate the group by double-clicking on the appropriate type of security group and then double-click on the group to lists its members.
- Right-click on a user, and from the shortcut menu, select Remove.
- Remove all the users from the group as described above.
- Select the group and click Delete.