When the DQOPTLST parameter, QRYGRPS=YES, is specified, you can assign group IDs to a query allowing only the users assigned to those group IDs access to that query. When QRYGRPS=YES, only the administrator authorized to the LIBRARY function can update or delete that query. If QRYGRPS=NO, the author of a public or private query and the CA Dataquery Administrator can update or delete the query.
The mode (DQL or SQL) and the authorization control access to a query. DQL Mode users can access a DQL Language query, but cannot access SQL queries unless they are authorized to use SQL and are using SQL Mode at the time. SQL users can access only SQL queries unless authorized to use DQL Mode as well.
If the query is private, only the author of the query and the authorized administrator are permitted to access the query regardless of the value assigned to the QRYGRPS= parameter. If QRYGRPS=YES, and the query is public and not assigned to a group, all users can access the query. If a query's group assignments are all blank, all users can access that query. All of the user's accessible queries are displayed on that user's query library listing.
Since queries access the information in the database as defined in the query itself, the definition of the query as public or private and the assignment of the query to a group or multiple groups impacts the integrity of your data security. A user can only access those queries that they have created (if they are a conventional user), those that are public, and, if QRYGRPS=YES, those that are assigned to the group IDs matching the user's group IDs and the matching mode.
The DQOPTLST macro parameter, QRYGRPS=, has to be specified as YES so that you can implement the group assignments to queries. If QRYGRPS=NO, CA Dataquery ignores group level IDs in determining access to a query.
|
Copyright © 2014 CA.
All rights reserved.
|
|