TurboIMAGE/XL Database Management System Reference Manual MPE/iX V6.5 (30391-90011)
Chapter 2
Database Structure and Protection
Protecting the Database
Assuming the database designer has granted only read access at the data set level as
summarized above, control at the data item level is established in the following ways:
• Specify the user class number in the data item read class list (or omit both read
and write class lists entirely). This grants the user class read access to the data item.
• Specify the user class number in the data item write class list. This grants the
user class the ability to update or change the data item value. Master data set key item
values cannot be updated. Detail data set search or sort item values can be updated in
database access mode 1, 3, or 4 if permitted by the critical item update (CIUPDATE)
option settings for the database and the current process. Because the user class is
implied to be in the read class list, the user class can also read the item. A user class
number must be in the data item write list in order to update the value.
• Exclude the user class number from both the specified read and write class
lists of the data item. This denies the user class any type of access to the data item.
The protection of data set and data item values is designed so that the database designer
must explicitly specify the user class number to allow that class to make any type of
change to the database. Read access can be granted by default in some situations, for
example, by omitting the lists entirely (also known as absent lists). To deny read access to
a data set or data item, the database designer must specify a list and deliberately exclude
the user class number.
Figure 2-8 provides a security flowchart. The database has been opened in modify access
mode 1, 3, or 4; these are the only allowable access modes for CIUPDATE, which allows
update of detail data set search and sort items. As you read the flowchart, consider the
following examples based on the sample ORDERS database:
• Only user classes 11 and 18 can add and delete CUSTOMER data entries because these
are the only user class numbers in the data set write list as shown earlier in Table 2-2.
To do so, they must open the database in access mode 1, 3, or 4.
• User class 14 can update the CREDIT-RATING data item in the CUSTOMER data set
because it is in the data item write list and the data set read list. To do so, the database
must be opened in access mode 1, 2, 3, or 4.
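
The item-level rules and the two ORDERS examples above, modeled as a small decision function. This is an added example, not TurboIMAGE code or code from the manual; it assumes the user class already has read-only access at the data set level, and the function names, the `kind` labels, user class 12 and the CREDIT-RATING read list are constructed for illustration.

```python
# Simplified model of the item-level rules on this page; not TurboIMAGE code.
# Assumption: the user class has read (not write) access at the data set level.
UPDATE_MODES = {1, 2, 3, 4}    # modes the page gives for updating an item
CRITICAL_MODES = {1, 3, 4}     # modes for add/delete and for CIUPDATE updates


def item_access(user_class, item_lists):
    """Return 'none', 'read' or 'update' for one data item.

    item_lists is None when both class lists are absent, otherwise a
    (read_list, write_list) pair of sets of user class numbers.
    """
    if item_lists is None:
        return "read"          # absent lists: read is granted by default
    read_list, write_list = item_lists
    if user_class in write_list:
        return "update"        # write list membership implies read
    if user_class in read_list:
        return "read"
    return "none"              # excluded from both specified lists


def can_update(user_class, mode, item_lists, kind="plain", ciupdate=False):
    """kind is 'plain', 'master-key' or 'detail-search-sort' (hypothetical labels)."""
    if item_access(user_class, item_lists) != "update":
        return False           # change requires an explicit write list entry
    if kind == "master-key":
        return False           # master data set key item values cannot be updated
    if kind == "detail-search-sort":
        return ciupdate and mode in CRITICAL_MODES
    return mode in UPDATE_MODES


def can_add_delete(user_class, mode, set_write_list):
    """Add/delete needs the data set write list and access mode 1, 3 or 4."""
    return user_class in set_write_list and mode in CRITICAL_MODES


# From the page: CUSTOMER write list {11, 18}; class 14 may update CREDIT-RATING.
# Constructed: the CREDIT-RATING read list and user class 12.
CUSTOMER_WRITE = {11, 18}
CREDIT_RATING = ({12}, {14})
```

The absent-list branch is the one to audit in a real schema: it returns read access for every class, so denying read requires specifying a list that leaves the class out.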