IBM Support

Security and iBase Subsets

Question & Answer


Question

iBase is offering (from iBase V9.0.x) 2 versions of Database Subsets :
 - the "Normal" Subsets, which is in Access format
 - the "Advanced" Subsets, which is in SQL Server format
How is the Security from the main iBase database transfered to the Subset ?

Answer

In iBase, there are 4 groups of Security, each one being represented by a key with a different color :
  • The Yellow Key : Database Management
  • The Green key : System Command Access Control
  • The Red key : Data Access Control
  • The Blue Key : Folder Object Control.
This is from the iBase online help :
image 8777
For each security group, you can define different Groups, and you assign users to each group.
Normal iBase Subsets

When you create a "Normal" subset (in Access format), you have to create your own IDS file, where you define your own user (which is of course will have Admin rights on the DB, and can do what he wants).

Please note that as you create your own User, be default, SYSADMIN/SYSADMIN won't work (unless of course you define that the user will be called SYSADMIN, but this would be a bad idea)

This IDS only includes this user, and does not include the Security Groups that you may have created (Yellow, Green, Red and Blue keys). And of course, this means that you "lost" all the security that was defined in the Master iBase DB.

But of course, when you generated the normal Subset, you were under the Master DB security, wich means that if your account couldn't see some Entity/Link types or fields, those information was not sent to the Subset.

But if your user has Read-only rights on some fields, for example, then it's no more the case on the Subset.

But this will not have an impact on the Master DB when synchronizing, as you won't be able to synchronize the values of these read-only fields.

Advanced iBase Subsets

With the Advanced Subset, you really work in a copy of the Master DB, keeping all the Security configuration from the Master DB.

This means that all the Security groups (Yellow, Green, Red and Blue keys) are still present in the Security file, and your user for the Advanced Subset will be the same as the one on the Master database (and of course, your user will have the same rights and same restrictions)

More information on the iBase Security

The IDS file will store :

  • The list of iBase Users
  • The Names and configurations of the Yellow Keys
  • The Names and configurations of the Green Keys
  • The Names of the Red Keys (but NOT the configuration)
  • The Names of the Blue Keys (but NOT the configuration)
  • The relation between the Users and the 4 security Groups (Yellow, Green, Red and Blue). Meaning which user belongs to which security group.

In the IDB file, you have the configuration of the Red and Blue keys.

This means that the Red keys are defined on both IDS and IDB files.

The IDS for the names of the Red keys group, and which user is part of which Red key groups.

And the IDB to tell that such Red Key group can see or not a table or a field (or make them read-only)

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSXW43","label":"i2 iBase"},"ARM Category":[{"code":"a8m50000000CiANAA0","label":"i2 iBase and i2 Analyst's WorkStation->Security"}],"ARM Case Number":"TS005093335","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0.x"}]

Document Information

Modified date:
16 March 2021

UID

ibm16430579

Page Feedback