DQ Internal Security › Understanding CA Dataquery Security Concepts

Understanding CA Dataquery Security Concepts

The intention of this section is to give you an understanding of CA Dataquery Security concepts and a suggested plan for the implementation of those concepts. Read this section thoroughly and use the information to plan for the security of your site. It is important that your security plan ensures the security of the data for your site and the CA Dataquery system and the integrity of your data.

Planning

CA Dataquery permits several levels of use and data access. Therefore, CA Dataquery security requires careful thought and planning involving:

• Your site's data
• The way the data is used
• Who is allowed access to the data
• Who is to administer access to data
• Who is to administer authorization to use CA Dataquery
• Who is to plan and administer CA Dataquery security
• The usage of DQL and SQL modes
• Coordination of security with the site Database Administrator and CA Datacom Datadictionary Administrator and with the CA Dataquery Administrator

Important! CA Datacom/DB database IDs can range from 1 to 5000. However, CA Dataquery internal security only allows three digits for a database ID. Therefore, if you have tables in databases with IDs greater than 999 that need to be secured, you must use external security.

Concepts

Following are some of the tasks discussed on the following pages:

• Understanding CA Dataquery and external security
• Authorizing users to access data
• Securing data access for DQL use
• Limiting access to columns
• Securing data access for SQL use
• Miscellaneous security control techniques
• Considering CA Datacom system security

CA Suggests

After your plan has been in effect for some time, you might need to make changes to your original plan. CA Dataquery is flexible and allows you to make changes easily. We suggest that you reread this document before making changes, to ensure that the changes are consistent with the concepts discussed here and your site-defined plan.

You can establish security through CA Dataquery and you can choose to use any external security management product, such as CA ACF2 and CA Top Secret, to define your CA Datacom/DB and CA Dataquery access rights. CA Dataquery users must be assigned access to CA Datacom/DB tables through the security in force for CA Datacom/DB before they can access tables using CA Dataquery.

CA Dataquery Security

CA Dataquery provides several types of security. You can limit access to:

• CA Dataquery through a signon procedure and/or a signon/off exit
• Data through user authorization
• System functions through user authorization
• Data through group authorization
• Administrative functions through user authorization
• Tables through SECURITY CONTROL
• Rows through restricted conditions
• Columns through CA Datacom Datadictionary profile-codes

You must communicate with the CA Dataquery Security Administrator regarding the CA Datacom/DB and CA Datacom Datadictionary security environment and to determine how security should be implemented for CA Dataquery. You must ensure consistency across the system for security use.

CA Dataquery security must be specified in addition to CA Datacom/DB security unless the CA Dataquery user's definition specifies DATA AUTHORIZED as YES. CA Dataquery security must be specified to use INSERT, UPDATE, or ERASE functions. CA Dataquery Security is used to determine authorization of a user to access data only in DQL Mode.