Integrating DBA Security Into an Application

You can use DBA security features to provide security for any data source. A DBA security rule is comprised of the following attributes, the values of which can be static or variable.

The segments, fields, or ranges of data values to which the user access is restricted:

Static Security

In this option, the attribute values and the security rules are unchanging.

For example:

USER=LARRY, ACCESS=U, RESTRICT=FIELD, NAME=SALARY ,$

Considerations:

Additional administration and maintenance is incurred to keep the hard-coded values current.
Changes to metadata have to be planned to avoid disrupting the user community.

Dynamic Security

In this option, the security rule itself is unchanging, but the attribute values are parameter driven using the MFD_PROFILE feature or leveraging system variables. The variables are populated in real-time and are dynamically applied so it is not possible to inject or override values at run time.

For example:

USER=&FOCSECUSER, ACCESS=U, RESTRICT=FIELD, NAME=SALARY ,$
USER=&FOCSECGROUP, ACCESS=U, RESTRICT=FIELD, NAME=SALARY ,$

Considerations:

Reduced administration and maintenance to metadata. For example, if a user leaves the company or moves to a different department, there is no need to make changes to the metadata.
Changes to metadata have to be planned to avoid disrupting the user community.