Applying Database Administrator Security

In this section:

How to:

Reference:

You can secure Master Files on a file-by-file basis. For each data source, security can be maintained at two different levels.

Note: You cannot specify a Database Administrator (DBA) password during the Create Synonym process. You must use the Synonym Editor.

When security is specified, the Database Administrator or user, must enter a password to get access to the data source. When the DBA or user no longer needs access to the data source, you can delete their security.

Before adding any type of security to a data source, the Database Administrator must be aware of certain DBA guidelines. See DBA Guidelines.


Top of page

x
Procedure: How to Set Up Security for the Database Administrator
  1. In the Synonym Editor, click DBA from the Tools menu or click the DBA button from the Synonym toolbar.

    The DBA pane opens in the workspace, as shown in the following image.

    DBA Pane

  2. Right-click the file name in the DBA window and select Insert, then DBA.

    A default DBA password will be created for the Master File. You can change this value, delete it, add users to specify file restrictions, or add file names to specify data source-specific restrictions to the current data source. You can also specify a separate DBA file that contains DBA security restrictions.

    Note: When the password is created and the cursor is in that field, you can right-click and use the edit options to undo, select all, cut, copy, paste, or delete the password.


Top of page

x
Procedure: How to Set Up Security for the User
  1. In the DBA pane, right-click the DBA icon to insert user restrictions or specify a DBA file.
  2. Once you add a user you can continue to insert file access restrictions by right-clicking the user field and selecting insert.
  3. Select the type of access: Read, Write, Read/Write, or Update.
  4. Specify the type of restriction for each option: Restriction to Field, Value, Segment, Noprint, or Same Restriction.

    Note: The Same Restriction option is activated when there are multiple users.

  5. Click OK to save the Master File with the user password and restrictions.

Top of page

x
Reference: DBA Guidelines

You can ensure that the security restrictions you place on Master Files are correct by adhering to the following guidelines:


Top of page

x
Reference: DBA Pane

User Pane

The following options are available from the DBA pane when the DBA password is selected.

DBA password

By default, the DBA password is the same as the user ID used to connect to the reporting server. Using the Rename option from the DBA password Context menu, you may enter a different password of up to sixty-four characters. This is the password of the DBA who will be creating and maintaining the current data source. The DBA has full access to the data source and the corresponding Master File, controls the access rights of other users, and has encryption privileges. See Encrypting and Decrypting a Master File.

DBAFILE

Select the name of the Master File that contains your DBA security restrictions. Other Master Files can use the DBA security restrictions in this Master File.

Insert Filename

Enter the name of the Master File to which user security will be applied. This option is used to add data source-specific restrictions to the current data source. It includes a FILENAME attribute for the selected Master File. The FILENAME attribute in the referenced Master File must be the same as the FILENAME attribute in the DBA section of the current data source.

Insert Users

Enter the names (up to sixty-four characters) of users whose access rights will be granted for the current data source.

File Access

For user access, select one of the following options:

  • Choose Read for full viewing rights.
  • Choose WRITE to permit additions or changes to the data source.
  • Choose READ/WRITE for both of the above.
  • Choose UPDATE to permit changes to field values.
Restrictions: Segment, Field, Value, Noprint, Same

When the file access is selected, continue to select the type of restriction you wish to apply.

  • Choose Segment to grant access to all or individual segments.
  • Choose Field to grant access to all or individual fields.
  • Choose Value to limit access to values that meet a test condition. See Restricting Access to Segments, Fields, Field Values, and Noprint.
  • Choose Noprint to specify fields you do not want to display in a report.
  • Choose Same to apply the same restrictions as other users that are already set up.
Access Restrictions
  • User. Is the user name written to the Master File.
  • Name. Is the name of the Master File component selected (for example, the segment or field name).
  • Access. Is the type of access restriction.
  • Restrict. Is an option for File access restriction.
  • Value. Is the value for which to restrict access.

Top of page

x
Selecting the Type of Access

When you assign a user password, the type of file access and access restrictions options are available. You must specify at least the type of access the user is permitted to have for the data source. The type of file access can be specified in the File Access group on the DBA pane. In this group, there are four file access options:

The type of file access determines what a user can do to the entire data source:


Top of page

x
Restricting Access to Segments, Fields, Field Values, and Noprint

You can restrict access to segments, fields, field values, and Noprint fields in a Master File by specifying access restrictions for a user. When you specify what is to be restricted, such as segment, field, or value, you can then specify the type of access that will be restricted.

Right-click the file access restriction and select the Segment, Field, or Value, or Noprint option from the Context menu.


Top of page

x
Applying Security Restrictions for Multiple Users

How to:

You can specify restrictions for one user and apply the same restrictions to other users. This helps when you want to set the same restrictions for a group of users.



x
Procedure: How to Apply Previously Defined Restrictions to Another User
  1. In the DBA pane, right-click the DBA password and select Insert, then User.
  2. Right-click the newly added user and select Insert to specify the desired type of access restriction you would like to apply.

    Available access types are Write Access, Read/Write Access, and Update Access.

  3. Right-click an access type and select Insert, then Same Restriction.

    Note: The Same Restriction option is only available when there are multiple users. A drop-down combo box is activated in the Properties pane with a NAME attribute.

  4. Click the arrow on the drop-down combo box next to the NAME attribute in the Properties pane, and then select the user with the security restrictions that would apply to the new user.

    Security restrictions from the user selected in the drop-down combo box are applied to the new user. You can apply the security restrictions to other users by repeating steps 1 to 4.

    Note: You must have created at least one user security restriction to apply security restrictions to multiple users.


Top of page

x
Deleting a DBA or User Password

How to:

You can delete a DBA password or security for a user when it is no longer needed.



x
Procedure: How to Delete a User Password
  1. On the DBA pane, select the user password you wish to delete.
  2. Right-click and select Delete or press Delete on the keyboard.

If you delete the user based upon whom you have assigned security restrictions for other users, you must reset security restrictions for all users attached to the user you deleted.



x
Procedure: How to Delete a DBA Password

Deleting a DBA password will delete all user security for that data source.

On the DBA pane select the DBA password, then right-click and select Delete or press Delete on the keyboard.

All security information is removed.


Top of page

x
Encrypting and Decrypting a Master File

How to:

You may use the Encrypt and Decrypt attributes from the Synonym Editor to scramble and unscramble some or all of the contents of a data source. When you encrypt Master Files, they are secure from unauthorized examination.

Encryption at the data source level scrambles the entire contents of that Master File so it is unreadable. When you encrypt a Master File, you can decrypt it. Decrypting unscrambles the contents to its readable state.

Before you can encrypt or decrypt any Master File, you must specify the DBA password. If you do not specify a DBA password, you will not be able to encrypt or decrypt the file.



x
Procedure: How to Encrypt a Master File
  1. In the Synonym Editor, select DBA from the Tools menu or click the DBA button from the Synonym toolbar.

    The DBA pane opens.

  2. Create and save the Master File with the DBA password.
  3. From the Synonym Editor Field View tab, select a segment from the Master File hierarchy (left pane).

    The values for the selected segment appear in the Properties pane on the right.

  4. Select the ENCRYPT check box.

    Encrypt box

  5. Click Save from the File menu to encrypt the Master File.


x
Procedure: How to Decrypt a Master File
  1. At the encrypted segment level in the Master File hierarchy, clear the ENCRYPT attribute.
  2. Click Save from the File menu to decrypt the Master File.

WebFOCUS