Managing security

You can define a security policy and create new users and security groups using the Security Manager. All groups have users as members.

A particular user can be a member of any number of groups, of any types. The user gains the properties defined for all the groups in which they are a member.

You can also set the other properties of database management groups, and change users' passwords or active status.

Creating a security policy

The security policy specifies rules for adding and changing passwords that apply only to user accounts with iBase user names - they do not apply to users that can log on with single sign-on. For further details, see Creating a security policy.

Types of security group

There are four different types of security group:
Type Description
Database Management A database management group controls read, write, update, and delete permissions to, for example, entities, links, and folder objects. The properties are set in the Group dialog.

See Creating security groups for details.
System Command Access Control A system command access control group denies access to specific iBase commands. This provides finer control over the actions a user can perform. Denied commands are typically hidden from the user. The properties are set in the System Commands Access Control dialog.

See Setting up System Commands Access Control groups for details.
Data Access Control A Data Access Control ( DAC) group controls permissions related to entities, links, and fields in each database. This allows a very fine control of how individual pieces of data are made visible to, or modifiable by, groups of users. The properties are set in the Data Access Control dialog.

See Setting up Data Access Control groups for details.
Folder Object Control This has no management properties set in iBase Designer. Users define the usage for groups of this type, using the Categorize dialog and settings made in the Options dialog.

See Working with categories for details.

Creating users and groups

To create a new user:
  1. Select Security > Security Manager.
  2. Click the Users tab. The Users page is displayed listing any existing users.
  3. Click New to display the User dialog where you can enter the user details. For further information, see Creating users.
To create a group:
  1. Select Security > Security Manager.
  2. Click the Groups tab. The Groups page is displayed listing any existing groups.
  3. Click New to display the Group dialog where you can choose the type of group and define its properties. For further details, see Creating security groups.

Inspecting users and groups

To view the:
  • Database management permissions for a user: on the Users page, right-click on a user name, and from the shortcut menu, select User Permissions. See Checking user permissions for details.
  • Groups a user belongs to: on the Users page, double-click on the user name to list the groups. The user is inactive if there is no plus sign next to it.
  • Users belonging to a group: on the Groups page, double-click on the security group type, and then double-click on the particular group.

Editing and deleting users

You can edit and delete users on the Users page of the Security Manager dialog.

To make a user a member of additional groups, edit their database management permissions, or make them inactive:
  1. Select Security > Security Manager.
  2. On the Users page, select the user name.
  3. Click Edit. See Creating users for details.
To remove a user's membership of one or more groups:
  1. Select Security > Security Manager.
  2. On the Users page, select the group.
  3. Right-click, and select Remove.
Note: A user must belong to at least one group otherwise they will not be able to log on.

You can also delete a user and remove any record of this user from the database. For details of the consequences of deleting user accounts, see Creating users; you may prefer to make the account inactive instead.

Editing and deleting groups

You can do the following on the Groups page of the Security Manager dialog.

To add users to a group:
  1. Select Security > Security Manager.
  2. On the Groups page, locate the group by double-clicking on the appropriate type of security group and then select the group.
  3. Click Edit to display the Group dialog. See Creating users for further details.

To remove users from a group:
  1. Select Security > Security Manager.
  2. On the Groups page, locate the group by double-clicking on the appropriate type of security group and then double-click on the group to lists its members.
  3. Right-click on a user, and from the shortcut menu, select Remove.
To delete a group:
  1. Remove all the users from the group as described above.
  2. Select the group and click Delete.