User Manager

User Manager

The OpenBase Manager has a built in facility for managing database users. A database user is simply a login/password combination that gives a person access to a database. Databases are considered to be network resources and therefore must have their own user authentication system.

The User Manager allows you to add users and groups to your databases. The database must be running to access the User Manager feature.

OpenBase’s security system is completely separate from the security system of the operating system you are running OpenBase on. This is an important feature because you may want to give people controlled access to your database without giving them access to your computer. You can also safely email databases knowing that people can not break into your database without the correct passwords. Passwords and databases are contained in one package.

The User Manager also provides some expert options to control what information users or groups of users are allowed to access and what they are allowed to change. You can also specify what applications certain groups of users are allowed to use so that they can not access the database through unauthorized tools (such as OpenBase Manager or openisql). This gives system administrators fine controls to disallow access to parts of the database.

Adding Database Users and Groups

Adding users is not always necessary since the login always defaults to the admin user. However, if you are running in an environment where security is an issue, you may want to define users and set user access permissions. The OpenBase Manager allows you to do this through it's user management panel shown below .

OBM5_Users.jpg

To access User Manager, click the User Manager icon to the right of the database. This option may also be selected by clicking the Action icon or Action menu bar and selecting User Manager.

The OpenBase User Manager lists users and groups of users. By default a new database contains an admin group and user. Since all users listed inside the admin group have full access to the entire database, you may want to first create a new group.

To create a new group click the Add Group button located on the left of the display. It will create a new group with a default name. You should change the name to something that defines your new group. A valid group name contains no spaces or punctuation.

Once you have created a group you can create a new user by clicking the Add User button on the top left of the window. A default user name will be filled in on the left which you should edit. You can optionally fill in the e-mail information for that user. This is used by some RADstudio applications but is not necessary.

To edit the user information, select the user in the browser located on the left side of the window.

The user information will display in the editable fields on the right. By changing the value in the group pop-up you can change the group of the user.

To set a user's password, you need to click the Set Password button. You will be prompted to type in the new password and then again to confirm.

If the information on the user window appears read-only, this may mean that your current database login does not have permission to update the users table. You may need to log in as the admin user to edit this table.

Expert Settings & Table Permissions

The User Manager also offers expert settings for setting user access to specific tables or applications. We recommended that you don't touch any of these settings unless you have a reason to be concerned about security.

You can restrict groups of users from using certain applications with specific databases by selecting the group in the list and checking the Application Authorization checkbox. Every application that has ever accessed the database will be listed with checkboxes beside each. Check only the applications you want the group to be able to use.

You can further restrict users that use RADstudio applications. The RAD Application tab gives you a list of RADstudio applications that you can enable or disable for each group.

Finally, the Expert button on the group and user panels allows you to define the specific things you want users to be able to do. For instance, you may want to give a user insert access to a database table but revoke read, update and delete access. This would allow a user to insert records without being able to see or update any of the existing data. The panel which sets this up is shown in Figure 13.

Figure 13. Expert Options - Assigning Table Access
droppedImage-35.jpg

Using the Expert Permissions panel you have the ability to give users and user groups permission to perform four standard types of database operations for each table. These include: select, insert, update, and delete. You can assign these on the user level or the group level. Users inherit the settings of their group.

Click on an item to select it, then click to deselect the Select, Insert, Update, or Delete operations as desired to prevent access to that operation(s).

To keep unauthorized users from editing user information or granting table permissions, you may want to revoke access to the tables _SYS_USERS and _SYS_PERM for each user. Revoking permissions for _SYS_TABLES will block users from creating, dropping, or renaming tables.

Users can perform operations on tables as long as they have the correct permissions. Otherwise an error is returned.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License