TurboIMAGE/XL Database Management System Reference Manual MPE/iX V6.5 (30391-90011)
54 Chapter2
Database Structure and Protection
Protecting the Database
Database Access Modes and Data Set Write Lists
Before you can gain access to a database, you must open it specifying a password that
establishes your user class number and an access mode that deļ¬nes the type of database
tasks you want to perform. Access modes are described in chapter 4 with the instructions
for opening a database. At this time it is necessary only to note that some of the eight
available access modes do not allow write or update access even if the user class is allowed
these capabilities through the user class lists. If the database is opened in access mode 2,
5, 6, 7, or 8, all data set write class lists are merged into the read class lists, and the
merged read class lists are used for all data sets.
Granting a User Class Access
Figure 2-7. and Table 2-3. illustrate the use of read and write class lists from two different
perspectives. Figure 2-7. shows what capability user class 11 has if it appears in the lists
as shown. The same rules apply to any user class. The access mode must be as indicated.
Figure 2-7. Granting Capability to User Class 11
A null read and write class list can be used by the database creator at the data set level to
deny access to the data set by all user classes; that is, only the database creator will be
able to use the data set.
Table 2-3. presents the same rules organized by the task that the user class is to perform.
It lists the required access modes and the security rules at both the data set and data item
level. For simplicity, assume there are always read and write class lists even if they are the
default lists (0, 1, 2,...63 /) resulting when the lists are omitted in the schema (absent lists).
Control at
Data Set
Level
(1/11)
or
(11/11
)
Total access to
set if database
opened in
access mode 1,
3, or 4
(/)
No access
to set
(11/) or
absent
list
Read access to
set; item access
controlled at
item level.
Control at
Data Set
Level
(1/11)
or
(11/11)
Update and
read item
(/)
No access to
item even if
read access
at set level
(11/) or
absent
list
Read item
LIST CAPABILITY LIST CAPABILITY LIST CAPABILITY