Managing level-based users and groups

This topic includes the following sections, which discuss how to create and modify level-based users and groups (not privilege-based users). For general information on users, groups, and table access, see xfODBC security: managing access.

 

With level-based users, a user's access (access to specific tables, read-only vs. read/write access, and whether the user can open a system catalog in the DBA program) is determined by membership in a group. To create users with different access levels, create groups with different access levels, and then assign users to the groups. For information on how group/user access levels and table access levels work together to control data access, see xfODBC security: managing access.

If level-based users and groups were initialized when the system catalog was generated (see Initializing level-based users and groups below), the system catalog will have a default set of users and groups. You can use these as is, or you can modify them. You can also create your own. Note that when you create or modify users or groups in DBA, the DBA updates the system catalog, so there is no need to regenerate it.

Initializing level-based users and groups

Important

Initializing users and groups removes any users and groups you have added, and it removes modifications you have made to default users and groups (i.e., restores default users and groups to their original settings).

DBA and dbcreate have options that enable you to initialize level-based users and groups — that is, create or return to an initial, default set of level-based users and groups. This default set includes the following three users and two groups. (For information on access levels, see Understanding access levels for tables and groups.)

| Username | Default password | Assigned group | Access level |
|---|---|---|---|
| DBA | MANAGER | SYSTEM | 254 |
| DBADMIN | MANAGER | SYSTEM | 254 |
| PUBLIC | No password | USER | 100 |

You can initialize users and groups as you generate or regenerate a system catalog, and you can initialize them for an existing system catalog without regenerating it.

For information on access levels, see xfODBC security: managing access.

Important

For security, change passwords after initializing users and groups.

Using DBA to initialize without regenerating

To use DBA to initialize level-based users and groups without regenerating the system catalog,

1. Open the system catalog in DBA (see Opening the system catalog in DBA), and close any open lists or input windows in DBA.
2. Select Maintenance > Initialize Users & Groups. The following prompt is displayed:

Do you want to overwrite the existing table?

3. To initialize users and groups, select Yes.

Initializing from the command line without regenerating

To initialize level-based users and groups from the command line without regenerating the system catalog, do one of the following, where connect_string has the user_name/password/connect_filename format. (For information on DBA command-line options, see Command line options.)

dbr SODBC_DBA:xfdba.dbr -c connect_string -i
$ XFDBA -C connect_string -I

For example, to initialize level-based users and groups for the sample database in a Windows or UNIX environment, enter

dbr SODBC_DBA:xfdba.dbr -c DBADMIN/MANAGER/sodbc_sa -i

To initialize level-based users and groups for the sample database in OpenVMS, enter

$ XFDBA -C DBADMIN/MANAGER/SODBC_SA -I

These examples assume that your connect file is sodbc_sa, that SODBC_DBA is set to the directory where the DBA program resides, and that the connect file is located in the GENESIS_HOME directory.

Viewing group information

1. Open the system catalog in DBA (see Opening the system catalog in DBA), and close any open lists or input windows in DBA.
2. Select Maintenance > Groups. The Group List window displays a list of groups with the following information:

GID — An automatically assigned group ID number.

Name — The alphanumeric identifier for each group.

Users — The number of users assigned to each group.

Access — The access level of each user in the group (numeric, from 0 to 255).

Description — A brief description of each group.

Creating a group

You can create up to 999,999 groups, and you can assign a maximum of 255 users to a group.

1. Open the Group List window. (See Viewing group information.)
2. Select Group Maintenance > New Group.
3. Complete the fields in the Group window:

Group ID

An automatically assigned group number. This field is not modifiable.

Group name

Enter an alphanumeric identifier of up to 10 characters.

Access level

Enter a number between 0 and 255 that determines users’ read/write access to data. This level determines the access level of all users in the group. Note that a group must be set to at least 100 for users in that group to access the database.

We recommend that you use levels 254 and 255 for administrative users only. For more information on setting access levels, see xfODBC security: managing access.

Num of users

The total number of users assigned to this group. This field is not modifiable.

Description

(optional) Enter an alphanumeric description of up to two lines of 30 characters.

4. Select OK or press F4.

Modifying a group

1. Open the Group List window. (See Viewing group information.)
2. In the Group List window, highlight the group you want to modify.
3. Select Group Maintenance > Modify Group.
4. Make any changes. (See Creating a group above for information on settings for groups.) Then select OK or press F4.

Deleting a group

1. Open the Group List window. (See Viewing group information.)
2. In the Group List window, highlight the group you want to delete. A group that has users cannot be deleted (users must first be deleted or assigned to other groups).
3. Select Group Maintenance > Delete Group. A window is displayed with the selected group’s name and description and the following prompt:

Do you want to delete the current entry?

4. To delete the group, select Yes.

Viewing users in a group

1. Open the Group List window. (See Viewing group information.)
2. Highlight the group in the Group List window.
3. Select Group Maintenance > View Users. The User List window opens. For information on this window, see Viewing user information.

Viewing user information

1. Open the system catalog in DBA (see Opening the system catalog in DBA), and close any open lists or input windows in DBA.
2. Select Maintenance > Users. The User List window displays the following information for each user:

Name — A case-sensitive alphanumeric identifier.

Password — A case-sensitive alphanumeric password. Users are not required to have passwords.

Full name — The user’s full name.

GID — The ID of the group the user belongs to.

Adding a user

You can add up to 255 users to a group.

1. Open the system catalog in DBA, and open the User List window. (See Viewing user information above.)
2. Select User Maintenance > New User. The User window is displayed.
3. Enter data in each field as described below.

User name

Enter an alphanumeric identifier for the user you are creating. It can be up to 10 characters long. This field corresponds to the Name column in the User List window and is case sensitive.

Password

(optional) Enter an alphanumeric password. It can be up to 10 characters long. Passwords are case-sensitive and are visible only to users who can open DBA (users with an access level of 254 or greater). The following characters are not allowed:  ~ @ # $ % ^ & * _ + = \ } { " , : ? / < > ! '

Group ID

Enter the ID of the group you want to assign a user to. A user’s access level is determined by the group it belongs to. To view a list of available groups, select User Maintenance > Select Group.

Full name

(optional) Enter the user’s full name. It can be up to 40 characters long.

Description

(optional) Enter an alphanumeric description of the user. The description can be up to 60 characters long.
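
The rules stated on this page (the default accounts and their passwords, the password field restrictions, and the group access levels) can be checked mechanically against a list of users and groups. The following is an added example, not part of the xfODBC documentation or the DBA program; the record layout, the group ID values, the TEMP group, the sample users, and the approved_admins allowlist are assumptions constructed for illustration.

```python
# Added example: audit level-based users and groups against the rules on this page.
# The dict record layout is constructed for illustration; it is not a DBA export format.
DEFAULTS = {"DBA": "MANAGER", "DBADMIN": "MANAGER", "PUBLIC": ""}  # default set
FORBIDDEN = set('~@#$%^&*_+=\\}{",:?/<>!\'')  # characters not allowed in passwords
MAX_LEN = 10           # user names and passwords: up to 10 characters
MAX_GROUP_USERS = 255  # maximum users per group
MIN_DB_LEVEL = 100     # a group needs at least 100 for database access
ADMIN_LEVEL = 254      # 254 or greater can open DBA, where passwords are visible

def audit(groups, users, approved_admins=()):
    """Return (subject, finding) tuples; approved_admins is a hypothetical allowlist."""
    findings = []
    level_of = {g["gid"]: g["access"] for g in groups}
    count = {}
    for u in users:
        name, pw, gid = u["name"], u.get("password") or "", u["gid"]
        count[gid] = count.get(gid, 0) + 1
        if DEFAULTS.get(name) == pw:
            findings.append((name, "default credentials unchanged"))
        elif not pw:
            findings.append((name, "no password"))
        if len(name) > MAX_LEN or len(pw) > MAX_LEN or FORBIDDEN & set(pw):
            findings.append((name, "name or password breaks DBA field rules"))
        level = level_of.get(gid)
        if level is None:
            findings.append((name, "unknown group ID"))
        elif level >= ADMIN_LEVEL and name not in approved_admins:
            findings.append((name, "unapproved user at administrative level"))
        elif level < MIN_DB_LEVEL:
            findings.append((name, "group level below 100, no database access"))
    for g in groups:
        if count.get(g["gid"], 0) > MAX_GROUP_USERS:
            findings.append((g["name"], "more than 255 users"))
    return findings

# Constructed sample: the default users and groups plus two site-added accounts.
# Group IDs, the TEMP group, jsmith and intern are made up for this example.
GROUPS = [{"gid": 1, "name": "SYSTEM", "access": 254},
          {"gid": 2, "name": "USER", "access": 100},
          {"gid": 3, "name": "TEMP", "access": 50}]
USERS = [{"name": "DBA", "password": "Xk29Lm", "gid": 1},
         {"name": "DBADMIN", "password": "MANAGER", "gid": 1},
         {"name": "PUBLIC", "password": "", "gid": 2},
         {"name": "jsmith", "password": "pa$$word", "gid": 2},
         {"name": "intern", "password": "Summer24", "gid": 3}]

if __name__ == "__main__":
    for subject, finding in audit(GROUPS, USERS, approved_admins={"DBA", "DBADMIN"}):
        print(f"{subject}: {finding}")
```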

Modifying a user

1. Open the User List window. (See Viewing user information above.)
2. Highlight the user in the User List window.
3. Select User Maintenance > Modify User.
4. Make any changes. Then select OK or press F4.

Deleting a user

1. Open the User List window. (See Viewing user information above.)
2. Highlight the user in the User List window.
3. Select User Maintenance > Delete User. A window is displayed with the selected username and the following prompt:

Do you want to delete the current entry?

4. To delete the user, select Yes.