Archive File Security

Archive File Security allows you to control access to data in Archive Files. For example, you might use Archive File Security to prevent any access to data in a specific table or column for most users while granting access to members of selected roles for the same data.

Each secured Archive File is associated with a File Access Definition (FAD), which is a security definition that lists tables and columns for which access privileges are defined and, for each listed role, grants or denies privileges to access the archived data.

Establishing Archive File Security requires an Access Control Domain (ACD), either the (Default) ACD or one you create for the purpose, which serves as the basis for roles in the FAD. In addition, you must use the Configuration program to enable Archive File Security.

Access Control Domains

The Access Control Domain is a security definition that serves as the foundation for all levels of Optim™ Security. Each Optim Directory for which Optim Security is initialized contains an ACD named (Default) that cannot be deleted. Depending upon the needs of your facility, you may create additional ACDs or use only the (Default) ACD. Each ACD includes a list of roles. Each role represents a logical grouping of user and group accounts in your network. Role names typically convey the capabilities of the accounts the role represents; examples might be “GUEST”, “NORMAL”, and “SUPER”. User and group accounts are mapped to one or more roles, as appropriate.

The role specifications in the (Default) ACD are referenced for Functional Security, if enabled for the Optim Directory. The role specifications in the (Default) or other ACD are also referenced by Access Control Lists (used to secure objects) and File Access Definitions (used to secure Archive Files), where the roles are assigned privileges to access the object or Archive File.

Access Control List

The Access Control List is an Optim object that serves as the basis for Object Security. ACL parameters govern the ability of a role to perform actions (such as read, update, or delete) on both the object and the ACL for the object. Each ACD, File Access Definition, and secured Optim object has a unique ACL.

File Access Definition

The File Access Definition is the basis for Archive File Security. All Archive Files generated by running an Archive Request that references an FAD are secured by the FAD.

Security Diagram

The following diagram illustrates the features of Optim Security.

[Figure: Optim Security Features]

The (Default) ACD, an object in the Optim Directory, is the linchpin for the three levels of Optim Security. In the (Default) ACD, arbitrarily named roles are linked to network accounts used as logons when performing tasks.

Functional Security

The (Default) ACD selectively grants and denies Functional Security privileges for roles in order to provide appropriate access to the interface and functions. For example, a member of a role expected to run an Archive Request online must be allowed the Invoke Archive Request Editor privilege, while a member of a role expected to create a secured Archive Request must be allowed the Create Archive Request and Associate Archive Request privileges.

Object Security

Secured objects (including ACDs and File Access Definitions) have an ACL that grants and denies read, update, delete, and execute permissions to a subset of roles defined in the (Default) ACD. (At your option, these roles can be defined in a specialized ACD, rather than the (Default) ACD.) In the illustration, ACLs for the Archive and Restore Requests must grant run (execute) permission to roles expected to run these requests.

Archive File Security

A File Access Definition (FAD) defines the security rules for data in one or more Archive Files created by an Archive Request that references the FAD. The FAD in the diagram may grant access to archived data in selected tables and columns and deny access to data in others. The logon account used to run the Restore Request must be represented by a role in the FAD that is granted the necessary access to archived data.
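The three levels described above can be read as successive checks on the logon account that runs a Restore Request. The following Python sketch is an added illustration, not Optim code or its API: the class and function names, the sample accounts, tables and columns, and the placeholder privilege name are all constructed, and the rules that an unlisted column is inaccessible and that a deny outranks a grant are assumptions the page does not state.

```python
# Conceptual model of the three checks; not Optim's implementation or API.
from dataclasses import dataclass

@dataclass
class ACD:
    accounts: dict    # role -> set of network accounts mapped to the role
    functional: dict  # role -> set of Functional Security privileges allowed

    def roles_of(self, account):
        return {r for r, members in self.accounts.items() if account in members}

@dataclass
class FAD:
    rules: dict  # (table, column) -> {role: True (grant) / False (deny)}

    def can_read(self, roles, table, column):
        hits = [ok for role, ok in self.rules.get((table, column), {}).items()
                if role in roles]
        # Assumption: no matching rule means no access; a deny outranks a grant.
        return bool(hits) and all(hits)

def check_restore(acd, acl_execute, fad, account, privilege, columns):
    """Return (allowed, level, denied_columns) for one logon account."""
    roles = acd.roles_of(account)
    # Level 1, Functional Security: some role must be allowed the privilege.
    if not any(privilege in acd.functional.get(r, set()) for r in roles):
        return (False, "functional", [])
    # Level 2, Object Security: the request's ACL must grant execute to a role.
    if not roles & acl_execute:
        return (False, "object", [])
    # Level 3, Archive File Security: the FAD must grant every requested column.
    denied = [c for c in columns if not fad.can_read(roles, *c)]
    return (False, "archive-file", denied) if denied else (True, "allowed", [])

# Constructed sample data; role names follow the page's examples.
PRIV = "RESTORE-PRIVILEGE-PLACEHOLDER"  # placeholder, not a real privilege name
SAMPLE_ACD = ACD(
    accounts={"GUEST": {"alice"}, "NORMAL": {"bob"}, "SUPER": {"carol"}},
    functional={"NORMAL": {PRIV}, "SUPER": {PRIV}},
)
SAMPLE_ACL_EXECUTE = {"NORMAL", "SUPER"}  # roles with execute on the request
SAMPLE_FAD = FAD(rules={
    ("CUSTOMERS", "NAME"): {"NORMAL": True, "SUPER": True},
    ("CUSTOMERS", "CARD_NO"): {"NORMAL": False, "SUPER": True},
})
COLS = [("CUSTOMERS", "NAME"), ("CUSTOMERS", "CARD_NO")]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, check_restore(SAMPLE_ACD, SAMPLE_ACL_EXECUTE, SAMPLE_FAD,
                                  user, PRIV, COLS))
```

In this model an account that passes Functional and Object Security can still be stopped by the FAD, which is the case the page describes for data restricted to selected roles.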

Configure Security

To use Optim Security, you must initialize security for the Optim Directory, assign a Security Administrator, and enable the security features your site will use.

To initialize Optim Security and assign a Security Administrator, use one of the following Tasks menu options in the Configuration program:

To enable or disable the security features, select Configure Security for an Optim Directory from the Tasks menu in the Configuration program.

For more information, see Configure Security for an Optim Directory.


