Profile codes are used to restrict access to data in a specific column, whereas restricted conditions limit access to data in a specific row based on a particular value in the column. Effective use of profile codes allows you to prohibit unwarranted access to sensitive data at the column level.
Using Profile Codes
A PROFILE-CODE is a CA Datacom Datadictionary attribute of the FIELD entity-type used by CA Dataquery to classify fields (columns) into various security groups. Once the profile-code is established and included in the field definition, only users who are authorized for that profile-code can FIND and/or UPDATE data in the protected fields. The assignment of profile codes controls which fields the user sees on the Display Fields panel, unless the user is Data Authorized. If Data Authorized=yes on the User Authorization panel, the user can display fields but cannot update them if they are protected by a profile-code.
At installation, all CA Datacom Datadictionary FIELD entity-occurrences have a null profile-code. This means that once table level authorization is granted to a user, that user has the ability to FIND every field (column) in that table. If you assign a profile-code to a column, however, only those users authorized for that profile-code can FIND and/or UPDATE that column.
For example, say you have columns occurring on several rows that contain financial information. Perhaps one column contains prices of inventory items, another contains information on discount rates for certain customers. If you do not want all of your users to have access to this information, you assign a profile-code to each column, or you use one profile-code for both. For this example, use the code MONY for both columns. Then decide which users can access MONY columns.
If a simple column is named in a query and does not have a profile-code assigned, it is secured by the profile-code of its parent or grandparent, if one exists. If these columns do not have profile codes, the simple columns stated in the query are unprotected and available to any user with table level authorization.
If a compound field is named in a query and does not have a profile-code assigned, it receives a profile-code belonging to its parents or grandparents if one exists. If its parents or grandparents do not have a profile-code, the code of its children or grandchildren is in effect. If none of these fields has a profile-code, the field is unprotected and available to any user with table level authorization. If a compound field has a profile-code assigned, be aware that all columns that make up the compound column have the same profile-code.
Note: The CA Datacom Datadictionary REDEFINES attribute, which is not recognized by CA Dataquery, needs to be handled separately. For example, if FIELD X is assigned a profile-code ABC, and FIELD Y redefines X, the profile-code ABC does not carry over to FIELD Y. You need to assign the profile-code ABC to FIELD Y.
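The inheritance rules above, together with the REDEFINES caveat, can be modeled in a short script to audit a field layout before it is defined. This is an added example, not CA Dataquery or CA Datacom Datadictionary code. The field names, the ADDR code, and the "first child code in definition order wins" tie-break are assumptions, and table level authorization is taken as already granted.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Field:
    name: str
    profile_code: Optional[str] = None        # None = null profile-code (installation default)
    parent: Optional["Field"] = None
    redefines: Optional["Field"] = None       # REDEFINES target; never used for inheritance
    children: list = field(default_factory=list)

    def __post_init__(self):
        if self.parent:
            self.parent.children.append(self)

def effective_code(f):
    """Model (not CA code) of the profile-code in effect for a field; None = unprotected."""
    if f.profile_code:
        return f.profile_code
    parent = f.parent
    grandparent = parent.parent if parent else None
    for anc in (parent, grandparent):         # simple and compound fields: look upward first
        if anc and anc.profile_code:
            return anc.profile_code
    level = f.children                        # empty for a simple field
    for _ in range(2):                        # compound fields: children, then grandchildren
        for c in level:                       # assumption: first code in definition order wins
            if c.profile_code:
                return c.profile_code
        level = [g for c in level for g in c.children]
    return None

def can_read(f, user_codes, data_authorized=False):
    return data_authorized or effective_code(f) in (None, *user_codes)

def can_update(f, user_codes):                # Data Authorized does not grant update
    return effective_code(f) in (None, *user_codes)

def redefines_gaps(fields):
    """Names of fields that redefine a protected field without carrying its profile-code."""
    return [f.name for f in fields if f.redefines
            and effective_code(f.redefines) not in (None, effective_code(f))]

# Constructed sample layout; field names are hypothetical, MONY is the code from the text.
PRICING = Field("PRICING", "MONY")                # compound field with its own code
PRICE = Field("PRICE", parent=PRICING)            # simple field, secured by its parent
ADDRESS = Field("ADDRESS")                        # compound field, takes its child's code
CITY = Field("CITY", "ADDR", parent=ADDRESS)
PRICE_ALT = Field("PRICE-ALT", redefines=PRICE)   # redefinition: MONY is not carried over
ALL_FIELDS = [PRICING, PRICE, ADDRESS, CITY, PRICE_ALT]
```

Running `redefines_gaps(ALL_FIELDS)` lists the redefining fields that still need a profile-code assigned explicitly.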
If you are planning your CA Dataquery security needs prior to creation of your database, contact the Database Administrator regarding your field security needs, so that profile codes can be established and included in the field definitions. Establish the users' authorizations to profile codes using the CA Dataquery SECURITY CONTROL administrative function.
The CA Dataquery SECURITY CONTROL function provides the following options:
This option allows you to assign CA Datacom Datadictionary profile codes which protect sensitive column data to users who need access to the protected data. A profile-code is an attribute of a column used by CA Dataquery to classify columns into various security groups. Once a profile-code is established and included in the column definition, only users who are authorized for that code can access data in the protected columns. If Y (yes) has been specified on the DATA AUTHORIZED field on the User Table Maintenance panel, a user without profile-code authorization can read the data.
This option allows you to copy to another user one or all of the authorizations that have been assigned to one user. The security access can remain the same or be further modified for the new user.
This option allows you to copy the profile codes assigned to one user to another user.
Another method of restricting access to data is the use of conditions and restrictions. Conditions are created which qualify access to rows of data based on data values. For more information, see Limiting Access to Rows Using Conditions and Restrictions.
Copyright © 2014 CA. All rights reserved.