A Data Access Control ( DAC) group controls permissions related to entities, links, and
fields in each database. This allows a very fine control of how individual pieces of data are made
visible to, or modifiable by, groups of users.
About this task
Data Access Control Group Permissions control:
- Denying access or modification to all records for a particular entity type or link type.
- Hiding administrative fields in records or making administrative fields read-only to certain
groups of users.
- With SQL Server databases only, making selected records of various entity types or link types
inaccessible according to the security classification code (SCC) given to each record.
Data Access Control is specific to each database in which it is defined. Consider carefully how
you might want to use a scheme using this type of conditional access.
Important: After making changes to a Data Access Control group in a database that uses
alerting, log off and then reopen the database as soon as possible, in either iBase
or iBase Designer. This applies the security changes to any existing alert
definitions.
Procedure
- Open a database.
-
Select Security
>
Data Access Control.
- Use the Security Manager dialog to create one or more Data Access Control groups, and
assign users as members of those groups.
- Open the Data Access Control dialog. The dialog has two main areas, a list of security
groups on the left and a tabbed area on the right, with tabs for:
Page | Notes |
---|
Tables |
List of checkboxes and names of all the entity types and link types in the database. Each
name is of the form Type: Name, to show which type it represents. For
example, the names might include Entity: Account. If a checkbox is
turned on then the named table (all records of that named entity or
link type) or field is denied to members of the selected security
group. |
Fields |
List of checkboxes and names for all the fields of all the entity types and link types in
the database. Each name is of the form TypeName: FieldName, to show
which entity type or link type contains the field. For example, the
names might include Account: Account Type. In these pages, standard
fields appear separately for each entity or link type and you can
control the appearance of each standard field independently. Important: You are warned if you deny access to a mandatory
field (or if you make a denied field mandatory). If you choose to
deny access to this field (or make a denied field mandatory), you
prevent members of the group from adding records of the entity or
link type. If a checkbox is turned on then the named field
is denied to members of the selected security group. |
Read-Only Tables |
If a checkbox is turned on then the named table (all records of that named entity or link
type) or field is made protected from change by members of the selected
security group. |
Read-Only Fields |
If a checkbox is turned on then the named field is made protected from change by members of
the selected security group. |
Security Classification Codes |
List of checkboxes and names for all classification entries in all SCC code lists defined in
the database. If a checkbox is turned on then all records with that
classification are denied to members of the selected security group.
(If any classification name appears in more than one SCC list, the
denial of records applies to all records with that classification
regardless of the list in which it appears.) |
Note: If you have opened an Access database, the dialog does not display the Security Classification
Codes tab. This is because iBase does not support this form of control for Access databases. For
this reason, there is some duplication of contents in these tabbed pages.
-
To view the current configuration or to configure a group, first select the
group in the Security Groups list. Then click each tab to see the entries where
the checkboxes are turned on and, if you wish, turn on or off various
entries.
- Save the changes.
Results
The specified access will be applied.Note: The relationship to database contents means that the full
definition of a Data Access Control group is stored in two parts. The name and
membership of each group is stored in the security file. The restrictions on members
of each group are stored in the database.
To apply the same control to another
database controlled by the same security file, open that database and with the
window of that database active, enter the Data Access Control dialog. Your
security groups will already exist so you need only turn on the same checkboxes
to apply the same security.