Passkey Security

Passkeys determine access to data tables. Passkey security is implemented at two levels, as follows:

Passkey authorization determines what you can do with data tables through ASF. By default, ASF users have full passkey authorization, enabling them to create data tables for themselves and be given access to tables owned by others. The ASF administrator can limit the passkey authorization of an individual user through the User Limits and Defaults screen (see the chapter "Administrative Functions of ASF" and the chapter "Administrative Screens"). For example, if the ASF administrator revokes your CREATE passkey authorization, you are not able to define and generate tables through ASF, either for yourself or for other users.
Passkey assignments determine what other users can do with your tables and what you can do with tables owned by others. Table ownership gives you the right to grant or deny another user access to your table. The only way another user, even an ASF administrator, can access a table you own is if you explicitly assign the user a passkey to the table.

Three types of passkeys can be assigned, as follows:

Data access passkeys allow access to data tables and table definitions.
Catalog access passkeys allow access to the catalog, which is the directory of users and tables.
Predefined passkey combinations combine data and catalog access passkeys, enabling you to specify useful combinations of data and catalog access with a single passkey.

Passkey authorization applies only to data access passkeys. When authorization for a passkey is revoked, assignments of that passkey are not honored. For example, if you are not authorized for the ADD passkey, you cannot add data to tables. If another user assigns you an ADD passkey for one of his tables, the passkey is not honored; you cannot add data to your own tables or to another user's tables.

Each of the three types of passkeys that can be assigned through ASF is discussed separately below.