|
Image and Turbo/Image Access Tool ODBC/32
Using The Catalog Editor
ODBC/32 Security Features
By default, ODBC/32, relies on MPE/iX and TurboImage Database for allowing login and data access.
The ODBC/32 security features can provide extra security checking beyond MPE/iX and TurboImage
Database security. ODBC/32 can extend login security by password validation through VESoft,
Inc.’s Security/3000.
ODBC/32 can also check data access through a system-wide security catalog. The security catalog is
created with the Catalog Editor, which is a part of the ODBC/32 software. The security catalog is a
matrix of data identifiers (schemas, tables, and columns) along with user names which have access
to those data identifiers. When the catalog is enabled, a user must be on the list of users for a
data identifier to have any sort of access to the data named by the data identifier. The user name
can be the MPE/iX user and account or it can be an arbitrary 16-character name called a catalog user
name.
Security Configuration
The "Security" tab on the ODBC/32’s data source configuration dialog contains the
fields for a Security/3000 password and a catalog user name.
If a ‘?’ is the first character in any of these fields, this dialog will prompt for
the actual entries when the driver connects to the server.
Enabling Security checking through the Catalog
In order to use the extra security checking of a catalog file, MSJOB must be modified .
The ‘C’ parameter must be added to the MSSERVER000004 variable, as shown below:
!SETVAR MSSERVER000004 "30006 0 ODBCSRVR.MM.MINISOFT S C"
A catalog file must then be created with the Catalog Editor and uploaded to the server. The server
program accesses the catalog file through the formal designator "ODBCCAT". A file equation
may be placed in MSJOB, before the "!RUN" line, to reference the proper file.
The Catalog Editor
The Catalog Editor is a Windows-based program used to create and maintain a catalog. It is installed
with the Administrator Setup program (Admin.exe).
NOTE: The catalog file is stored as an ASCII file on the HP e3000. You must always use the
"Catalog Editor" application to modify this file. Modification with other tools
will result in unpredictable behavior.
The Catalog Editor represents the catalog file in a graphical manner. The "Users" listbox
contains a list of MPE/iX and catalog user names. Groups of users can be created in the
"Groups" window. Groups represent one or more users. The rightmost window contains the
security list. It lists schemas (or databases), tables, and columns, along with lists of users and/or
groups for various types of access.
Note that it is not necessary to have any users in the "Users" window. These names are
not checked by ODBC/32, but are used to drag and drop in the "Groups" window and the
security list window. It is also not necessary to have any groups in the "Groups" window.
Groups, however, are very useful for creating categories of users and minimizing the changes needed
when ODBC/32 users are added or deleted. In this document the term user also refers to a group that
the user is a member of.
The security list is checked by ODBC/32 when a client application wants to access data. The user
must be in one of the data identifier’s access lists for the user to have any type of access
to the data. Schemas only have one access list named "Access". This names the users that
have access to the named schema.
Tables have four access lists described as follows:
Select: Users in this list may read records from the table.
Insert: Users in this list may add records to the table.
Update: Users in this list may update records in the table. This access also implies
"Select" access.
Delete: Users in this list may delete records from the table.
Columns have three access lists, described as follows:
Select: Users in this list may read the column.
Insert: Users in this list may provide a value for this column for new records.
Update: Users in this list may update the values of this column. This access also implies
"Select" access.
It is important to note that a user must be in the appropriate access list of any data identifiers
it wishes to access. Being in an access list for one data identifier never implies access to
another data identifier. For example, to read data in a column, the user must at least be in the
"Select" list of the column, the "Select" list of the table the column resides
in, and the "Access" list of the schema the table resides in.
Catalog Editor User Interface
The File menu
New: Creates a new catalog file.
Open: Opens an existing catalog file.
Close: Closes the catalog file and its window.
Save: Saves the catalog to a file.
Save As: Saves the catalog to a different file name.
Save and Upload: Saves the catalog to a file, and then uploads it to the server.
Recent files: Opens the selected catalog file.
Exit: Exits the Catalog Editor
The Edit menu
Add User(s): Adds user(s) to the "Users" window. This can also be accomplished with the
Add button in the "Users" window.
Remove User(s): Removes the selected user(s) from the "Users" window. This can also be
accomplished with the Remove button in the "Users" window.
Add User(s) to Group: Adds user(s) to the selected group in the "Groups" window. This can
also be accomplished with the Add Users button in the "Groups" window.
Add Group(s): Adds group(s) to the "Groups" window. This can also be accomplished with
the Add Groups button in the "Groups Window".
Remove Group: Removes the selected group or users from the "Groups" window. This can also
be accomplished with the Remove button in the "Groups" window.
Add Schema(s) to security list: Adds empty schema(s) to the security list.
Add Table(s) to security list: Adds empty table(s) to the security list.
Add Column(s) to security list: Adds empty column(s) to the security list.
Add User(s) to security list: Adds user(s) and/or group(s) to the selected item in the security
list. This can also be accomplished by dragging and dropping a user, users, or group on an item in
the security list. If the selected item in the security list is a schema, table, or column, a dialog
will prompt for a the subordinate access lists to add the users to. If the selected item in the
security list is a schema or table and it is compressed (shown preceded with a ‘+’),
then the users are added to the selected items access lists and all of its subordinate items access
lists.
Remove selection from security list: Removes the selected item from the security list.
The View menu
ToolBar: Controls the display of the toolbar.
Status Bar: Controls the display of the status bar.
Users: Controls the display of the "Users" window.
Groups: Controls the display of the "Groups" window.
Expand: Expands all the items in the security list.
The Setting menu
Recursive Add Types: Controls which access lists are added to when adding users to a schema, table,
or column in the security list.
Prompt when adding: Controls whether a prompt dialog for the access list is displayed when adding
to a schema, table, or column in the security list.
The Import menu
From Database: Imports the data-identifier names from the root file of a TurboImage database.
From Schema file: Imports the data-identifier names from a Schema Editor file.
The Connection menu
Load: Load the connection configuration from a file.
Save: Saves the connection configuration to a file.
Edit: Edits the connection configuration.
Catalog Editor command line options
<catalog file> : A file to open when the Catalog Editor is started.
/C<configuration file> : A file to load the connection configuration from when the Catalog
Editor is started.
|
