When Compilers Check Component Security
The schema compiler checks the security of a specific schema whenever a SCHEMA statement (other than ADD SCHEMA) is issued for that schema; the subschema compiler checks security of a specific subschema whenever a SUBSCHEMA statement (other than ADD SUBSCHEMA) is issued for that subschema. Note that this security is not checked for each component of a schema or subschema; once a user passes security for a schema or a subschema, all of its components are available to the user. Component security applies to every existing schema and subschema, regardless of whether compiler security is on.
Security Maintained Through PUBLIC ACCESS Clause
Security for a specific schema or subschema is set through the PUBLIC ACCESS clause of the SCHEMA or SUBSCHEMA statement. A schema or subschema is said to be unsecured if PUBLIC ACCESS IS ALLOWED FOR ALL is in effect; any other public access specification places some level of security on the schema or subschema. The following examples show how component security is set:
MOD SCHEMA EMPSCHM turns off security for EMPSCHM
PUBLIC ACCESS IS ALLOWED
FOR ALL.
MOD SUBSCHEMA EMPSS01 turns on security for all verbs
OF SCHEMA EMPSCHM issued against EMPSS01
USER IS NET
REGISTERED FOR ALL
PUBLIC ACCESS IS ALLOWED
FOR NONE.
MOD SUBSCHEMA EMPSS02 turns off security for DISPLAY
OF SCHEMA EMPSCHM EMPSS02 and PUNCH EMPSS02;
USER IS NET turns on security for all other
REGISTERED FOR ALL verbs issued against EMPSS02
PUBLIC ACCESS IS ALLOWED
FOR DISPLAY.
Description of an Authorized User
An authorized user for a specific schema or subschema is one who is defined in the dictionary and whose association with the schema or subschema includes the verb used in the SCHEMA or SUBSCHEMA statement being processed. This authority is assigned through the REGISTERED FOR subclause (in the user-options-specification) of the USER clause in a previously issued SCHEMA or SUBSCHEMA statement, as illustrated in the following examples:
ADD SUBSCHEMA NAME IS EMPSS01 assigns authority to KCO to
USER NAME IS KCO use all verbs against EMPSS01
REGISTERED FOR ALL.
ADD SUBSCHEMA NAME IS EMPSS02 assigns authority to GKD to
USER NAME IS GKD access EMPSS02 with only
REGISTERED FOR PUBLIC ACCESS. those verbs specified in
EMPSS02's PUBLIC ACCESS clause
ADD SCHEMA NAME IS EMPSCHM assigns authority to TWG to
USER NAME IS TWG DISPLAY and PUNCH EMPSCHM
REGISTERED FOR DISPLAY.
Note: For more information about PUBLIC ACCESS and USER clauses, see the SCHEMA and SUBSCHEMA statement documentation in the CA IDMS Database Administration Guide.
|
Copyright © 2014 CA.
All rights reserved.
|
|