In this section: |
The ACCESS attribute specifies what sort of access a user is granted. Every security declaration, except the DBA declaration, must have a USER attribute and an ACCESS attribute.
The following is a complete security declaration, consisting of a USER attribute and an ACCESS attribute.
USER=TOM, ACCESS=RW,$
This declaration gives Tom read and write (for adding new segment instances) access to the data source.
You can assign the ACCESS attribute one of four values. These are:
ACCESS=R |
Read-only |
ACCESS=W |
Write only |
ACCESS=RW |
Read the data source and write new segment instances |
ACCESS=U |
Update only |
Access levels affect what kind of commands a user can issue. Before you decide what access levels to assign to a user, consider what commands that user will need. If a user does not have sufficient access rights to use a given command, the following message appears:
(FOC047) THE USER DOES NOT HAVE SUFFICIENT ACCESS RIGHTS TO THE FILE: filename
ACCESS levels determine what a user can do to the data source. Use the RESTRICT attribute (discussed in Limiting Data Source Access: The RESTRICT Attribute) to limit the fields, values, or segments to which a user has access. Every USER attribute must be assigned an ACCESS attribute. The RESTRICT attribute is optional. Without it, the user has unlimited access to fields and segments within the data source.
Reference: |
The type of access granting use of various WebFOCUS commands is shown in the following table. When more than one type of access is shown, any type of access marked will allow the user at least some use of that command. Often, however, the user will be able to use the command in different ways, depending on the type of access granted.
Command |
R |
W |
RW |
U |
DBA |
---|---|---|---|---|---|
CHECK |
X |
X |
X |
X |
X |
CREATE |
|
|
X |
|
X |
DECRYPT |
|
|
|
|
X |
DEFINE |
X |
|
X |
|
X |
ENCRYPT |
|
|
|
|
X |
MATCH |
X |
|
X |
|
X |
REBUILD |
|
|
X |
|
X |
RESTRICT |
|
|
|
|
X |
TABLE |
X |
|
X |
|
X |
CHECK Command. Users without the DBA password or read/write access are allowed limited access to the CHECK command. However, when the HOLD option is specified, the warning ACCESS LIMITED BY PASSWORD is produced, and restricted fields are propagated to the HOLD file depending on the DBA RESTRICT attribute. See Limiting Data Source Access: The RESTRICT Attribute for more information on the RESTRICT attribute.
CREATE Command. Only users with the DBA password or read/write (RW) access rights can issue a CREATE command.
DECRYPT Command. Only users with the DBA password can issue a DECRYPT command.
DEFINE Command. As with all reporting commands, a user need only have an access of R (read only) to use the DEFINE command. An access of R permits the user to read records from the data source and prepare reports from them. The only users who cannot use the DEFINE command are those whose access is W (write only) or U (update only).
ENCRYPT Command. Only users with the DBA password can use the ENCRYPT command.
REBUILD Command. Only users with the DBA password or read/write (RW) access rights can issue the REBUILD command. This command is only for FOCUS data sources.
RESTRICT Command. Only users with the DBA password may use the RESTRICT command.
TABLE or MATCH Command. A user who has access of R or RW may use the TABLE command. Users with access of W or U may not.
The RESTRICT attribute keywords affect the resulting HOLD file created by the CHECK command as follows:
Fields named with the NAME parameter are not included in the HOLD file.
The segments named with the NAME parameter are included, but fields in those segments are not.
The behavior is the same as for the user named in the NAME parameter.
Fields named in the NAME or SEGNAME parameter are included since the user can reference these.
Fields named in the VALUE parameter are included since the user can reference these.
If you issue the CHECK command with the PICTURE option, the RESTRICT attribute keywords affect the resulting picture as follows:
Fields named with the NAME parameter are not included in the picture.
The boxes appear for segments named with the NAME parameter, but fields in those segments do not.
The behavior is the same as for the user named in the NAME parameter.
This option has no effect on the picture.
This option has no effect on the picture.