|
How to: |
|
Reference: |
The DBASOURCE parameter determines which security attributes are used to grant access to multi-file structures. By default, access restrictions are based on the host file in a JOIN structure or the last file in a COMBINE structure. If you set the DBASOURCE parameter to ALL, access restrictions from all files in a JOIN or COMBINE structure will be enforced.
Note: You can also create and implement a DBAFILE to contain and enforce the access restrictions from all files in a JOIN or COMBINE structure. For information about using a central Master File to contain access restrictions, see Placing Security Information in a Central Master File.
The SET DBASOURCE command can only be issued one time in a session or connection. Any attempt to issue the command additional times will be ignored. If the value is set in a profile, no user can change it at any point in the session.
When DBASOURCE=ALL:
When DBASOURCE=HOST:
SET DBASOURCE = {HOST|ALL}
where:
Enforces access restrictions only from the host file in a JOIN structure or the last file in a COMBINE structure unless a DBAFILE is used to enforce access restrictions to other files in the structure. HOST is the default value.
Requires the user to have read access to every file in a JOIN or COMBINE structure. The user needs W, U, or RW access to a file in a COMBINE structure when an INCLUDE, UPDATE, or DELETE command is issued against that file.
(FOC32575) DBASOURCE CANNOT BE RESET VALUE WAS NOT CHANGED
The following request joins the TRAINING data source to the EMPDATA and COURSE data sources and then issues a request against the joined structure:
JOIN CLEAR * JOIN COURSECODE IN TRAINING TO COURSECODE IN COURSE AS J1 JOIN PIN IN TRAINING TO PIN IN EMPDATA AS J2 TABLE FILE TRAINING PRINT COURSECODE AS 'CODE' CTITLE LOCATION AS 'LOC' BY LASTNAME WHERE COURSECODE NE ' ' WHERE LOCATION EQ 'CA' OR LOCATION LIKE 'N%' END
When the Master Files do not have DBA attributes, the output is:
LASTNAME CODE CTITLE LOC
-------- ---- ------ ---
ADAMS EDP750 STRATEGIC MARKETING PLANNING NJ
CASTALANETTA EDP130 STRUCTURED SYS ANALYSIS WKSHP NY
AMA130 HOW TO WRITE USERS MANUAL CA
CHISOLM EDP690 APPLIED METHODS IN MKTG RESEARCH NJ
FERNSTEIN MC90 MANAGING DISTRIBUTOR SALE NETWORK NY
GORDON SFC280 FUND OF ACCTG FOR SECRETARIES NY
LASTRA MC90 MANAGING DISTRIBUTOR SALE NETWORK NY
MARTIN EDP130 STRUCTURED SYS ANALYSIS WKSHP CA
MEDINA EDP690 APPLIED METHODS IN MKTG RESEARCH NJ
OLSON PU168 FUNDAMNETALS OF MKTG COMMUNICATIONS NY
RUSSO PU168 FUNDAMNETALS OF MKTG COMMUNICATIONS NY
SO BIT420 EXECUTIVE COMMUNICATION CA
WANG PU440 GAINING COMPETITIVE ADVANTAGE NY
WHITE BIT420 EXECUTIVE COMMUNICATION CA Now, add the following DBA attributes to the bottom of the TRAINING Master File:
END DBA = DBA1,$ USER = TUSER, ACCESS =R,$
Running the same request produces the following message:
(FOC047) THE USER DOES NOT HAVE SUFFICIENT ACCESS RIGHTS TO THE FILE: TRAINING BYPASSING TO END OF COMMAND
Now, issue the following SET PASS command:
SET PASS = TUSER
Add the following DBA attributes to the bottom of the COURSE Master File:
END DBA = DBA1,$ USER = CUSER, ACCESS = R,$
Add the following DBA attributes to the bottom of the EMPDATA Master File:
END DBA = DBA1,$ USER = EUSER, ACCESS = R,$
Note that the DBA attribute has the same value in all of the Master Files.
Now, run the request again. There will be no security violation, and the report output will be generated. Since the DBASOURCE parameter is set to HOST (the default), you can run the request using a password that is valid only in the host file.
Now, set the DBASOURCE parameter to ALL:
SET DBASOURCE = ALL SET PASS = TUSER
Running the request produces the following message because TUSER is not a valid user for the COURSE data source:
(FOC052) THE USER DOES NOT HAVE ACCESS TO THE FIELD: CTITLE
Now, issue the following SET PASS command that sets a valid password for each file in the structure:
SET PASS = TUSER IN TRAINING, CUSER IN COURSE, EUSER IN EMPDATA
You can now run the request and generate the report output.
Once SET DBASOURCE command has been issued, its value cannot be changed. The following SET command attempts to change the value to HOST, but the query command output shows that it was not changed:
> > set dbasource = host (FOC32575) DBASOURCE CANNOT BE RESET VALUE WAS NOT CHANGED