xfODBC security: managing access

This topic includes the following sections:

 

xfODBC access to a Synergy database and the system catalog is controlled in one of two ways:

Table access levels also play a part, though that varies depending on the type of user. See Understanding access levels for tables and groups below.

Important

Although you can give users read/write access to data via xfODBC, for updating Synergy data we strongly recommend using a Synergy application that is designed to efficiently maintain database integrity. See Statements that modify data for more information.

Level-based users and groups

With level-based users (the only type of user available until Connectivity Series version 11), access to the database is controlled by access levels assigned to tables and groups, and a user's access is based on membership in a group. This type of user is supported if your system catalog has SODBC_USERS and SODBC_GROUPS files — i.e., if the system catalog was generated with the -p option for dbcreate or the "Initialize users and groups" option for the DBA program.

When you add support for level-based users and groups by "initializing", an initial set of users and groups is created. This set includes three default users (DBA, DBADMIN, and PUBLIC) and two default groups (SYSTEM and USER). Once you have this initial set, you can manage access to your database by using these users and groups and by creating other users and groups. See Managing level-based users and groups for more information.

Privilege-based users and privileges

A system catalog supports privilege-based users if it has GENESIS_AUTHS and GENESIS_USERS tables and files (see System catalog) — i.e., if it was generated using dbcreate with the -c and -a options. With this type of user,

See Managing privilege-based users and privileges for more information.

Additionally, table access levels are used only to determine whether read/write access or read-only access is allowed for a table. See Understanding access levels for tables and groups below.

Understanding access levels for tables and groups

Tables and groups have access levels, which range from 0 to 255.

When you generate the system catalog, all database tables are assigned an access level of 100 (read-only) by default. (System tables are assigned an access level of 99.) You can use a conversion setup file to change table access levels. For more information, see Modifying table access levels.

Level-based access illustrated

The table below illustrates how access levels work for level-based users. Note the following: