Security Classification codes

With SQL Server databases only, you can choose to make selected entity or link records inaccessible according to the Security Classification (SC) code that is given to each record. Who can access records with specific Security Classification codes is determined by membership of a Data Access Control group. Each group denies members of the group access to specific SC codes.

Requirements for using  

To apply security on a record by record basis, and allow filtering by SC code:
  • Each entity or link type in the database requires a field of type Security Classification Code (SCC). You can add only one Security Classification Code field per entity or link type.
  • The classification levels that apply to entity and link records are defined as an SCC list, each classification level is represented as a Security Classification (SC) code. Multiple SCC lists can be added to the schema if different entity and link types use a different range of classification levels.
  • The SCC list must be assigned to the SCC field in the relevant entity and link types.

Security classification codes and cases

If you want to use SC codes to classify your data, then you cannot also use cases. If you decide that you need to partition your data by case, then the conversion to case-control removes all the SC codes in your database. For more information about cases, see Creating a Case-Controlled Database.

Restricting SCC lists to accessible items only

By default, an SCC list displays all the SC codes on the list regardless of the current access to records classified with those SC codes. All the codes are provided to allow users to add a record and select an SC code for it that then denies that user access to the record they entered or updated.
Note: The user continues to have access to the record while it remains listed on their screen.
To prevent users from entering records with SC codes that represent security levels that are denied to them:
  • Select iBase Designer > File > Database Properties > Advanced and turn on Restrict SCC lists to accessible items only.

SCC limitation in charting merged entities

When a chart contains denied entities or links, all the labels and data records for merged entities become available, including the labels and data records for denied entities and links. However, if the record is accessed in iBase, the message This record has been deleted is displayed.