Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 7 Managing Object Set Security : Object Set Permissions

Object Set Permissions
Managing Permissions to Objects in an Object Set
Accessing the Manage Object Set Permissions Screen
To create an Object Set Permission List from the Security Management main menu, position your cursor beside the ObjectSet Permissions field and do one of the following:
Press PF2 to display a list for selection. Type an S in the line command field next to the desired object set name and press PF3. When the selected name appears in the ObjectSet Permissions field, press Enter.
Using either method causes the Manage Object Set Permissions screen, illustrated below, to appear. If you are defining an object set on the Define Objectset screen, you can save your definition and transfer to this screen by pressing PF4.
Manage Object Set Permissions Screen

 
 
Command ===>
------------------------------------------------------------------------------
MANAGE OBJECTSET PERMISSIONS: DOCORDERENTRY
------------------------------------------------------------------------------
Description: Document Order Entry + Production Creator: PROJMGR8
 
_ Tables _ Screens _ Reports _ Libraries
---------------- ---------------- ---------------- ----------------
DOCBODY DOCMAINTENANCE DOCPACKINGLIST
DOCFOOTER DOCORDERENTRY
DOCHEADER
DOCORDER
DOCPICKINGLIST
DOCRPTHEADER
 
PFKEYS: 1=HELP 6=PARMS 3=SAVE 12=CANCEL

 
Data Displayed
The Manage ObjectSet Permissions screen displays objects belonging to the object set for which access permissions are set. If accesses are not set for an object, it does not appear on the list. The objects are arranged by object type. You can vertically scroll individual lists by positioning the cursor beside the object type and pressing PF7 to scroll up or PF8 to scroll down.
Fetching Objects from the Object Set Definition
To retrieve any or all of the securable objects in the object set, enter the primary command FETCH in the primary command field of the Manage ObjectSet Permissions screen. You can specify an asterisk (*) to retrieve all objects or specify the object type (libraries, reports, screens, or tables) to retrieve objects of a specific type. For example:
Command ===> FETCH screens
The object fields in the screen for the object(s) you are retrieving must be empty before you can use this command.
Fetching Component Tables
Component screen tables and report tables are not automatically retrieved when you issue the FETCH command for screens or reports. All component tables that you want to secure must first be defined in the object set (they are not automatically included in the definition). To retrieve component tables, issue the FETCH command, specifying the table object type.
See Also
TIBCO Object Service Broker Application Administion for details about the Object Set Definer.
Adding and Updating Permissions for Object Types
Adding, Changing, and Deleting Permissions
To add, change, or delete object permissions for each object type to be included, use the following PF keys to display a Specify Permissions screen:
The Specify Permissions screen, illustrated below, displays existing object permissions. You also use it to specify:
Specify Table Permissions Screen
Use the Specify Table Permissions screen to specify permissions for a table object type. Each object type (library, report, screen, and table) has its own Specify Permissions screen. The layout of this screen is similar for each object type.

 
------------------------------------------------------------------------------
SPECIFY TABLE PERMISSIONS FOR OBJECTSET: DOCORDERENTRY
------------------------------------------------------------------------------
 
Table Parms Access Modes Required TABLE
Name READ INS REPL DEL DEF_VIEW DEF_PRM MOD_DFN VIEW_DEFN CTRL
--------------- - - - - - - - - - -
DOCBODY Y Y Y Y Y N N N N
DOCFOOTER Y Y Y Y Y N N N N
DOCHEADER Y Y Y Y Y N N N N
DOCORDERITEMS Y Y Y Y Y N N N N
DOCPICKINGLIST Y Y Y Y Y N N N N
DOCRPTHEADER Y Y Y Y Y N N N N
DOCUMENTMASTER Y Y Y Y Y N N N N
PFKEYS: 1=HELP 6=PARMS 3=SAVE 12=CANCEL

 
Specifying Objects and Accesses
To specify the objects to be included in your permissions list and the corresponding accesses, complete the following steps:
1.
2.
For a complete description of the allowed access modes, refer to Task E: Set Accesses.
3.
Component tables do not inherit the access permissions assigned to their parent.
4.
Specifying Parameter Values
If you include a parameterized data table, you can specify whether you are referring to either:
For example, you decide to allow wide access to the entire table and then restrict access to selected table instances (or vice versa). Your permissions list would then include permissions for the entire table as well as permissions for specific table instances.
If you specified the entire table, you can select any of the table access modes. If you specified a particular table instance, you can specify only modes that pertain to data access (that is, READ, INSERT, REPLACE, and DELETE).
Steps Required
For each parameterized table, complete the following steps:
1.
2.
3.
Or set ALL DATA to N and provide the parameters for the table instance you want to select.
4.
Saving Changes
To save this table specification, press PF3. The specification is not actually saved until you press PF3 from the Specify Permissions screen. Do not press PF12 to exit, unless you want to discard all the object permissions you just entered.
Specifying Control Permissions
If you specify control permissions in the object set permissions list, the following conditions apply:
The object set can be enabled only by users who have ownership privilege on the objects for which control permission is given. Only the owner, the owner’s security administrator, and a system administrator have ownership privilege on the object.
Adding and Updating User ID and Group Accesses
Who Can Specify User ID and Group Accesses?
Before you can enable an object set, you must specify which user IDs and groups should be permitted the accesses that you specified. You can update an object set membership list only if you have:
Invoking the Enable/Disable Object Set Screen
To specify user ID and group accesses to object sets, from the Security Management main menu position your cursor beside the ObjectSet field and do one of the following:
Press PF2 to display a list for selection. Type an S in the line command field next to the desired name and press PF3. When the selected name appears in the field, press Enter.
Using any of these methods causes the Enable/Disable Object Set screen, shown below, to appear.
Sample Enable/Disable Screen
From the Enable/Disable Screen you can create the list of user IDs or groups that you are allowing access to your object set. This screen also indicates if the object set is enabled or disabled. For more information about this state refer to Enabling and Disabling Object Sets.

 
------------------------------------------------------------------------------
Enable/Disable ObjectSet DOCORDERENTRY
------------------------------------------------------------------------------
NOTE: This objectset is currently DISABLED ; will be DISABLED on SAVE
_ Name User or Group
(USERID | GROUP) Description
---------------- ----------------------------------------
STORES5G ALL DEPARTMENT STORE LOCATIONS
TELMKT12 TELEMARKETING - NORTHERN UNIT
TELMKT18 TELEMARKETING - EASTERN
PFKEYS: 1=HELP 6=USERIDS 9=GROUPS 21=VIEW 3=SAVE 5=ENABLE/DISABLE 12=CANCEL

 
Creating the Membership List
To create a membership list, do one of the following:
You can position your cursor on the name of a group and press PF21 to view and select the users from a security group.
Deleting User ID and Group Access to Object Sets
To delete a user ID or group from the object set membership list, overtype the name with spaces or clear the field.
Saving Changes
Before you save the list, you must decide whether or not you want the object set enabled or disabled. For more information on enabling or disabling object sets, refer to Enabling an Object Set and Disabling an Object Set.
To save changes, press PF3. This saves the list and exits the screen. To save any object set to be enabled, you must have at least one member listed.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved