Administrative users
You can create members of the default system administrators group and grant all administrative powers to members of that group. Alternatively, you can create new groups that divide administration into separate roles.
This section describes the roles, how to give each role to a group, and the common tasks that the roles enable a user to perform.
Roles
When you are editing a database management group, the administrative roles that are shown in the System Roles area of the Permissions page of the Group dialog are:
- Database Creator
- Database Administrator
- Security Administrator
Each of these roles can be given to a group by turning on the relevant checkbox, along with any wanted data or folder object permissions.
There is another specific role, System Administrator. This role is given to a user only by membership of a group in which all system roles (apart from Audit Administrator) and database permissions are given. That is, the System Administrator requires all the permissions from the Security Manager dialog, not just those in the System Roles area. The System Administrator has a few powers that are not available to any other combination of roles and database permissions, so is more powerful than you could predict by adding the individual roles or permissions.
There are various other combinations of roles that you can assign by turning on the checkboxes for more than one role, but these combinations work exactly as predicted by combination of the individual roles.
A description of the capabilities of users with assigned system roles, starting with none and ending with the most powerful, System Administrator is given below.
User with no system roles
- Log on to iBase Designer and log off.
- View their current user permissions.
- Create a security file.
- View the properties of the security file.
- Run these commands:
- Repair/Compact Security File, as long as exclusive access is obtained to the file.
- MRU List Manager
- Plug In Manager, depending on permissions defined in System Commands Access Control groups and file-level security permissions on the Settings.xml file.
- Options, modifying some of the settings in the Options dialog depends on file-level security permissions on the Settings.xml file.
Audit Administrator role
A user with this permission can view the records that are displayed and modified by other users who are defined as having a restricted audit log.
Database Creator role
Users with only this system role are not able to administer the new database. Therefore, this role is most useful when databases are created from templates.
- Create templates from databases secured by the current security file.
- Create new databases.
- Manage templates using the Template Manager, depending on file level security permissions.
- Create new databases.
- Create database subsets.
Security Administrator role
Users with only this system role can open the database and view the database schema but they cannot change it or view any records in the database.
- Move a security file.
- Modify the properties of the security file, such as the server details and security file identifier, in the Security File Properties dialog.
- Use the Security Manager.
- Produce a Security Design report.
- Upsize a security file to SQL Server.
- Create Database Design reports* and view database statistics*.
- Use Data Access Control*.
- Use System Commands Access Control.
- Open and close databases to allow the security administrator to perform the tasks marked with an asterisk (*) above.
- View the audit log.Note: The Audit Administrator role is also required to see the audit history of users with restricted audit logs, in iBase and in Audit Viewer.
Database Administrator role
- Open and close databases.
- View database properties and database statistics
- Upsize an iBase Access database to an SQL Server database.
- Check database and data integrity using Schema Integrity Check, Link Integrity Check and Valid End Types
- Work on the database schema, such as add entity types, fields, pick lists, and assign semantic types.
- Create Database Design reports
- Run Update Database Schema
- View records in iBase Designer
- Set up database functions (such as text search)
- Activate and run Bulk Import
- Purge and restore soft deleted records
- Initialize databases for mapping or database subsets
- Synchronize database subsets
Security Administrator and Database Administrator roles
- Update specific database properties, such as the audit level SQL Server details, and turn on case control.
- Create, modify, and delete SCC lists.
System Administrators
- Import and export data.
- Obtain the database password from the Advanced page of the Options dialog.
- See statistics for all the cases in a case-controlled database (even if they select a single case).
- Edit existing text in a Multi-Line Text (Append Only) field.
- Delete alert definitions belonging to other users, in particular alert definitions without owners (for example belonging to deleted users or users removed from cases).
- Select any case in a case-controlled database.
- See statistics for all the cases in a case-controlled database (even if they select a single case).