Using archive file security

Use archive file security to control access to data in archive files. Each secured archive file is associated with a file access definition, which is a security definition that lists tables and columns for which access privileges are defined and, for each listed role, grants or denies privileges to access the archived data.

For example, you might use archive file security to prevent any access to data in a specific table or column for most users while granting access to members of selected roles for the same data.

Establishing archive file security requires an access control domain that is used as the basis for roles in the file access definition. In addition, you must use the Configuration program to enable archive file security.

Optim security

Optim provides three types of security. For each Optim directory, you may establish any or all of the following types of security: functional security, object security, and archive file security. Optim designer supports only archive file security. Use the Configuration program to enable Optim security.

Access control domain

The access control domain (ACD) is a security definition that serves as the foundation for all levels of Optim security. Each Optim directory for which Optim security is initialized contains an ACD named (default) that cannot be deleted. Depending upon the needs of your facility, you may create additional ACDs or use only the (default) ACD. Each ACD includes a list of roles. Each role represents a logical grouping of user and group accounts in your network. Typically, role names are chosen to convey the capabilities of the accounts that the role represents; examples of role names might be “guest”, “normal”, and “super”. User and group accounts are mapped to one or more roles, as appropriate.

File access definition

Use a file access definition (FAD) to control access to data in specified tables and columns. To apply a FAD to an archive file, use the Archive Request Editor. You can define access permissions by creating an access list for a table, a column, or the default. Archived data to which no access list applies remains open to all users, with unlimited access. FAD specifications for tables and columns that do not exist in an associated archive file do not affect the security of the file.
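
The two rules described above (data with no applicable access list is open to all users, and FAD entries for objects missing from the archive file have no effect) lend themselves to a coverage check before a FAD is relied on. The following is an added example, not part of the Optim documentation or product: the dictionary layout, the sample table and column names, and the rule that a table-level or default access list covers columns without a list of their own are assumptions.

```python
# Added illustration: a simplified model, not Optim's own FAD format.
def audit_fad(archive_tables, fad):
    """Return (unprotected, ineffective).

    unprotected: archived columns that no access list applies to.
    ineffective: FAD entries for tables or columns not in the archive.
    """
    has_default = bool(fad.get("default"))
    fad_tables = fad.get("tables", {})
    unprotected, ineffective = [], []

    for table, columns in archive_tables.items():
        entry = fad_tables.get(table, {})
        table_listed = bool(entry.get("access"))
        for column in columns:
            column_listed = bool(entry.get("columns", {}).get(column))
            # Assumption: a table-level list covers the table's columns and
            # a default list covers anything without a list of its own.
            if not (column_listed or table_listed or has_default):
                unprotected.append(f"{table}.{column}")

    for table, entry in fad_tables.items():
        if table not in archive_tables:
            ineffective.append(table)  # whole entry has no effect
            continue
        for column in entry.get("columns", {}):
            if column not in archive_tables[table]:
                ineffective.append(f"{table}.{column}")

    return sorted(unprotected), sorted(ineffective)

# Constructed sample data: table and column names are invented.
ARCHIVE = {
    "CUSTOMERS": ["CUST_ID", "NAME", "CARD_NUMBER"],
    "ORDERS": ["ORDER_ID", "CUST_ID", "TOTAL"],
}
FAD = {
    "default": None,  # no default access list defined
    "tables": {
        "CUSTOMERS": {"columns": {"CARD_NUMBER": {"super": "grant", "guest": "deny"}}},
        "ORDRES": {"access": {"guest": "deny"}},  # misspelled table name
    },
}

if __name__ == "__main__":
    open_data, dead_entries = audit_fad(ARCHIVE, FAD)
    print("No access list applies:", open_data)
    print("Entries with no effect:", dead_entries)
```

In the sample, the misspelled ORDRES entry protects nothing, so every ORDERS column is reported as open alongside the CUSTOMERS columns that have no list.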


