Administrative users

You can create members of the default system administrators group and grant all administrative powers to members of that group. Alternatively, you can create new groups that divide administration into separate roles.

This section describes the roles, how to give each role to a group, and the common tasks that the roles enable a user to perform.

Roles

When you are editing a database management group, the administrative roles that are shown in the System Roles area of the Permissions page of the Group dialog are:

  • Database Creator
  • Database Administrator
  • Security Administrator

Each of these roles can be given to a group by turning on the relevant checkbox, along with any wanted data or folder object permissions.

There is another specific role, System Administrator. This role is given to a user only by membership of a group in which all system roles (apart from Audit Administrator) and database permissions are given. That is, the System Administrator requires all the permissions from the Security Manager dialog, not just those in the System Roles area. The System Administrator has a few powers that are not available to any other combination of roles and database permissions, so is more powerful than you could predict by adding the individual roles or permissions.

There are various other combinations of roles that you can assign by turning on the checkboxes for more than one role, but these combinations work exactly as predicted by combination of the individual roles.

A description of the capabilities of users with assigned system roles, starting with none and ending with the most powerful, System Administrator is given below.

User with no system roles

Without any system role, anyone with an iBase Designer license can:
  • Log on to iBase Designer and log off.
  • View their current user permissions.
  • Create a security file.
  • View the properties of the security file.
  • Run these commands:
    • Repair/Compact Security File, as long as exclusive access is obtained to the file.
    • MRU List Manager
    • Plug In Manager, depending on permissions defined in System Commands Access Control groups and file-level security permissions on the Settings.xml file.
    • Options, modifying some of the settings in the Options dialog depends on file-level security permissions on the Settings.xml file.
Users without any system role cannot open the database in iBase Designer.

Audit Administrator role

A user with this permission can view the records that are displayed and modified by other users who are defined as having a restricted audit log.

Database Creator role

Users with only this system role are not able to administer the new database. Therefore, this role is most useful when databases are created from templates.

The Database Creator role is required to use iBase Designer to:
  • Create templates from databases secured by the current security file.
  • Create new databases.
  • Manage templates using the Template Manager, depending on file level security permissions.
The Database Creator role is required to use iBase to:
  • Create new databases.
  • Create database subsets.
Note: The Audit Administrator role is also required to see the audit history of users with restricted audit logs, in iBase and in Audit Viewer.

Security Administrator role

Users with only this system role can open the database and view the database schema but they cannot change it or view any records in the database.

The Security Administrator role is required to use iBase Designer to:
  • Move a security file.
  • Modify the properties of the security file, such as the server details and security file identifier, in the Security File Properties dialog.
  • Use the Security Manager.
  • Produce a Security Design report.
  • Upsize a security file to SQL Server.
  • Create Database Design reports* and view database statistics*.
  • Use Data Access Control*.
  • Use System Commands Access Control.
  • Open and close databases to allow the security administrator to perform the tasks marked with an asterisk (*) above.
This system role is also required to:
  • View the audit log.
    Note: The Audit Administrator role is also required to see the audit history of users with restricted audit logs, in iBase and in Audit Viewer.

Database Administrator role

The Database Administrator role is required to use iBase Designer to:
  • Open and close databases.
  • View database properties and database statistics
  • Upsize an iBase Access database to an SQL Server database.
  • Check database and data integrity using Schema Integrity Check, Link Integrity Check and Valid End Types
  • Work on the database schema, such as add entity types, fields, pick lists, and assign semantic types.
  • Create Database Design reports
  • Run Update Database Schema
  • View records in iBase Designer
  • Set up database functions (such as text search)
  • Activate and run Bulk Import
Note: Extra permissions are required for exporting and importing data (including Bulk Import). Both export and import require Add Entity/Link Records, Update Entity/Link Records and Update/Delete Entity/Link Records. Importing also requires Update/Delete Entity/Link Records created by other users
In iBase, this system role allows a user to:
  • Purge and restore soft deleted records
  • Initialize databases for mapping or database subsets
  • Synchronize database subsets
Note: The Audit Administrator role is also required to see the audit history of users with restricted audit logs, in iBase and in Audit Viewer.

Security Administrator and Database Administrator roles

Both the Security Administrator and Database Administrator roles are required to use iBase Designer to:
  • Update specific database properties, such as the audit level SQL Server details, and turn on case control.
  • Create, modify, and delete SCC lists.
Note: The Audit Administrator role is also required to see the audit history of users with restricted audit logs, in iBase and in Audit Viewer.

System Administrators

A user with all the system roles, apart from Audit Administrator, and all the database management permissions is referred to as the System Administrator. This user can use iBase Designer to:
  • Import and export data.
  • Obtain the database password from the Advanced page of the Options dialog.
  • See statistics for all the cases in a case-controlled database (even if they select a single case).
In iBase, this user can:
  • Edit existing text in a Multi-Line Text (Append Only) field.
  • Delete alert definitions belonging to other users, in particular alert definitions without owners (for example belonging to deleted users or users removed from cases).
  • Select any case in a case-controlled database.
  • See statistics for all the cases in a case-controlled database (even if they select a single case).
Note: The Audit Administrator role is also required to see the audit history of users with restricted audit logs, in iBase and in Audit Viewer.