Function

DD Internal Security › CA Datacom Datadictionary Security Model › Function

Function

For security level 4, in addition to defining all previous access rights, you can further limit access of a user to entity-occurrences of a particular entity-type by limiting the functions that can be applied to the entity-occurrence of that particular entity-type in a particular status.

The functions that you can define are shown in the following chart. The code is the abbreviation that appears on the Security Profile maintenance panels.

Function		Code Description
ALIAS maintenance	ALS	Maintain ALIAS information for a given entity-type.
ADD/CREATE	ADD	Add or create entity-occurrences using batch or online maintenance facilities, or add entity-occurrences to user-defined entity-types using CA Datacom Datadictionary Service Facility.
CATALOG	CAT	Perform the CATALOG function using either batch or online maintenance facilities.
COPY from	FRM	Copy an entity-occurrence from the specified status.
COPY to	TO	Copy an entity-occurrence to the specified status. That is, the user is authorized to copy DATABASE structure from T001 status to PROD status, and not to or from any other status.
DEFINE	DEF	Maintain FIELD entity-occurrences within TABLE, RECORD, KEY, and ELEMENT entity-occurrences. Also maintain universal field definitions using this function. Note: The universal field facility allows you to define a field once, and to define multiple record definitions.
DELETE/REMOVE	DEL	Delete entity-occurrence using batch or online maintenance facilities or delete entity-occurrence from user-defined entity-types using CA Datacom Datadictionary Service Facility.
DESCRIPTOR maintenance	DES	Maintain DESCRIPTOR information for a given entity-type.
DISPLAY/RETRIEVE	DIS	Display entity-occurrence information using batch or online facilities. Retrieve entity-occurrence information using CA Datacom Datadictionary Service Facility.
DISABLE	DSA	Perform the DISABLE function using either batch or online maintenance facilities.
ENABLE	ENA	Perform the ENABLE function using either batch or online maintenance facilities.
OBSOLETE	OBS	Perform the OBSOLETE function using either batch or online maintenance facilities. This function applies to all statuses of the CA Datacom/DB and CA FILE Model Structures and can therefore only be specified for the ALL (SEC) level.
PASSWORD/LOCK maintenance	SEC	Maintain password and lock level information for a given entity-occurrence.
RELATE/TRANSFER maintenance	REL	Add, update, delete, modify relationships between two entity-types or for a relationship defined between the same entity-type. To maintain these relationships, you must be authorized RELATIONSHIP maintenance access for both the subject and object entity-types. Additionally, if you are authorized this access to AREA, TABLE, FILE, and RECORD entity-types, you can perform the TRANSFER function in either online or batch.
RESTORE	RES	Restore an entity-occurrence or structure to the specified status from either PROD status or HIST status.
SET	SET	Perform the SET function using either batch or online maintenance facilities. SET is a valid function for the DATABASE entity-type only.
STATUS maintenance	STA	Change the status of entity-occurrences using either online or batch facilities. This function only applies to entity-types other than DATABASE, AREA, FILE, RECORD, TABLE, VIEW, SYNONYM, FIELD, KEY, ELEMENT, and DATAVIEW.
TEXT maintenance	TXT	Maintain TEXT information for a given entity-type.
UPDATE/MODIFY	UPD	Update or modify entity-occurrences (including entity-occurrence names, the RENAME function) using batch or online maintenance facilities or update entity-occurrences from user-defined entity-types using CA Datacom Datadictionary Service Facility.
VERIFY	VER	Perform the VERIFY function using either batch or online maintenance facilities.

There are several rules to understand at this level of security:

Relative to a structure, a DELETE or a COPY implies that the function is available for the entire structure or substructure, but only at the level implied by the related entity-type.
For example, if DELETE is specified for the TABLE entity-type, that function can be performed for the TABLE substructure without having to define DELETE for the KEY and ELEMENT levels. However, you cannot perform the DELETE function at the KEY or ELEMENT level unless you are specifically authorized to use this function.
Authorization for any function implies DISPLAY/RETRIEVE authority.
MODEL is not specifically secured. If a user is authorized to perform ADD or CREATE, they can use modeling.
Function information is maintained by the CA Datacom Datadictionary Security Facility in the intersection data of the relationship between the profile (AUTHORIZATION entity-occurrence) and the entity-type (TABLE).