Setting up System Commands Access Control groups

System Commands are types of actions that are carried out on the database. For example, adding records, performing types of search, or accessing database statistics. You can restrict access to types of actions, to members of specified security groups.

Before you begin

You must have the security groups available to assign the access control permissions. See Creating security groups.

About this task

For users in each security group, you can:

Deny use of iBase commands
Users can be denied access to iBase commands. This provides finer control over the actions a user can perform. It may also simplify the user interface for certain tasks, even if the commands are not denied by the user’s database management permissions.
Note: Commands that are denied are typically hidden; they are not displayed as unavailable. However, some denied commands may be displayed, should a user attempt to use them a message is displayed that they do not have the correct permissions.
Request the user to record the reason for use
Request a reason for using the command, then record the reason and action in the audit log.
Audit command groups
You can set iBase to audit specific types actions for members of a security group:
  • Search 360
  • Data Exposure
  • Charting
  • Analysis
Note: If no types are specified all actions will be audited following the audit level of the database.

Procedure

To set up System Commands Access Control:
  1. In iBase Designer, open the security file and login with administrator privileges.
  2. Select Tools > System Commands Access Control.
  3. Choose the Security Group to set the access controls for and set the permissions in the three access control type lists:
    • Access Denied - prevent members of the security group from accessing the specified action.
    • Reason for Action - require members of the security group to provide a reason for carrying out the action. The action, and the reason are subsequently stored in the audit log. If you turn on a command group in the Reason For Action page, there is no need to turn on the same command in the Audit page.
    • Audit - logs information about the types of action in the audit log at all audit levels, and to all databases accessed through the same security file.