Setting up Data Access Control groups

A Data Access Control (DAC) group controls permissions related to entities, links, and fields in each database. This gives fine-grained control over how individual pieces of data are made visible to, or modifiable by, groups of users.

About this task

Data Access Control Group Permissions control:
  • Denying access or modification to all records for a particular entity type or link type.
  • Hiding administrative fields in records or making administrative fields read-only to certain groups of users.
  • With SQL Server databases only, making selected records of various entity types or link types inaccessible according to the security classification code (SCC) given to each record.

Data Access Control is specific to each database in which it is defined. Consider carefully how you want to use a scheme based on this type of conditional access.

Important: After making changes to a Data Access Control group in a database that uses alerting, log off and then reopen the database as soon as possible, in either iBase or iBase Designer. This will apply the security changes to any existing alert definitions.

Procedure

  1. Open a database.
  2. Select Security > Data Access Control.
  3. Use the Security Manager dialog to create one or more Data Access Control groups, and assign users as members of those groups.
  4. Open the Data Access Control dialog. The dialog has two main areas, a list of security groups on the left and a tabbed area on the right, with the following pages (tabs):

    • Tables: List of check boxes and names of all the entity types and link types in the database. Each name is of the form Type: Name, to show which type it represents. For example, the names might include Entity: Account.
      If a check box is turned on then the named table (all records of that named entity or link type) or field is denied to members of the selected security group.

    • Fields: List of check boxes and names for all the fields of all the entity types and link types in the database. Each name is of the form TypeName: FieldName, to show which entity type or link type contains the field. For example, the names might include Account: Account Type. In these pages, standard fields appear separately for each entity or link type and you can control the appearance of each standard field independently.
      Important: You will be warned if you deny access to a mandatory field (or if you make a denied field mandatory). If you choose to deny access to this field (or make a denied field mandatory), you will prevent members of the group from adding records of the entity or link type.
      If a check box is turned on then the named field is denied to members of the selected security group.

    • Read-Only Tables: If a check box is turned on then the named table (all records of that named entity or link type) or field is protected from change by members of the selected security group.

    • Read-Only Fields: If a check box is turned on then the named field is protected from change by members of the selected security group.

    • Security Classification Codes: List of check boxes and names for all classification entries in all SCC code lists defined in the database.
      If a check box is turned on then all records with that classification are denied to members of the selected security group. (If any classification name appears in more than one SCC list, the denial of records applies to all records with that classification regardless of the list in which it appears.)

    Note: If you have opened an Access database, the dialog does not display the Security Classification Codes tab. This is because iBase does not support this form of control for Access databases. For this reason, there is some duplication of contents in these tabbed pages.
  5. To view the current configuration or to configure a group, first select the group in the Security Groups list. Then click each tab to see the entries where the check boxes are turned on and, if you wish, turn on or off various entries.
  6. Save the changes.

Results

The specified access will be applied.
Note: The relationship to database contents means that the full definition of a Data Access Control group is stored in two parts. The name and membership of each group are stored in the security file. The restrictions on members of each group are stored in the database.

To apply the same control to another database controlled by the same security file, open that database and, with the window of that database active, open the Data Access Control dialog. Your security groups will already exist, so you need only turn on the same check boxes to apply the same security.
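
The following sketch is an added example, not part of the iBase documentation or product code. It models how one group's check boxes on the five tabs described above translate into access to a record, and lists the types whose records members can no longer add because a mandatory field is denied. The DacGroup class, the function names and the sample types and fields are hypothetical, and checking deny before read-only is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class DacGroup:
    # One set per tab of the Data Access Control dialog (hypothetical model).
    denied_tables: set = field(default_factory=set)    # e.g. "Entity: Account"
    denied_fields: set = field(default_factory=set)    # e.g. "Account: Account Type"
    readonly_tables: set = field(default_factory=set)
    readonly_fields: set = field(default_factory=set)
    denied_scc: set = field(default_factory=set)       # classification names only

def field_access(group, kind, type_name, field_names, scc=None):
    """Return {field: 'hidden' | 'read-only' | 'read-write'}, or None if the
    whole record is denied to members of the group."""
    table = f"{kind}: {type_name}"
    # A denied table hides every record of that type. A denied classification
    # is matched by name alone, whichever SCC list the record's code came from.
    if table in group.denied_tables or scc in group.denied_scc:
        return None
    access = {}
    for name in field_names:
        key = f"{type_name}: {name}"
        if key in group.denied_fields:          # assumption: deny is checked first
            access[name] = "hidden"
        elif table in group.readonly_tables or key in group.readonly_fields:
            access[name] = "read-only"
        else:
            access[name] = "read-write"
    return access

def types_blocked_from_adding(group, mandatory):
    """mandatory maps type name -> set of mandatory field names. Denying any
    mandatory field stops group members adding records of that type."""
    return sorted(t for t, names in mandatory.items()
                  if any(f"{t}: {n}" in group.denied_fields for n in names))

# Constructed sample configuration and schema, for illustration only.
ANALYSTS = DacGroup(
    denied_tables={"Link: Transaction"},
    denied_fields={"Account: Account Type"},
    readonly_fields={"Account: Account Number"},
    denied_scc={"Restricted"},
)
MANDATORY = {"Account": {"Account Type"}, "Person": {"Surname"}}

if __name__ == "__main__":
    print(field_access(ANALYSTS, "Entity", "Account",
                       ["Account Number", "Account Type", "Balance"]))
    print(field_access(ANALYSTS, "Entity", "Person", ["Surname"], scc="Restricted"))
    print(types_blocked_from_adding(ANALYSTS, MANDATORY))
```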