Setting and maintaining user access rights

This topic describes how you can manage access to iBase by using features within iBase and also other measures outside of the control of iBase.

iBase application security

iBase provides the tools that are needed to set and maintain the access rights for groups of users, controlling what they can do within the application. One security file can control access to any number of databases. After a user has access to a database, they are subject to the following types of security:
  • Database-wide permissions, to read or alter data
  • Command access or denial
  • Usage monitoring, with audit logs
  • Folder object control, to provide private storage of analysis methods
An iBase SQL Server installation also supports Extended Access Control (EAC) that provides an extended range of Data Access Control features so that you can manage the degree to which users can manipulate data.

Security measures outside of iBase

There are measures must take outside of iBase to ensure that only authorized users access iBase and its data. The degree to which you want to exercise these external controls depends on your own data and environment. Managing the overall security of your system is likely to result in more administrative work. For this reason, it is important to apply only the degree of control that you need.

It is good practice to implement the controls that are discussed in this document incrementally to isolate the effect of each change. It is a necessary implication of managing access that some people are denied rights. For this reason, it is important that changes are tested and documented so that if anyone loses the ability to work with the database the cause can be easily established.

To fully control access to the data managed by iBase, you must to understand and implement:
  • Access to the network on which iBase runs
  • physical access to the iBase design and security features
  • logical access to the iBase design and security Features

Some of these features require that particular users or groups of users have user identities that provide direct or indirect access to iBase data. The number of such users must be restricted, and the identities and passwords are held securely.