As the most general level of Optim™ Security, Functional Security allows you to control user access to the interface for functions provided by Optim.
For example, for a specialized administrator role that is intended to create process requests and objects needed to run these requests, you can grant unlimited access to functions. For members of a role intended only to run the predefined process requests, however, you can grant more limited access to functions.
As a second example, you might use Functional Security to grant access to the Archive-specific editors (Archive Request, Delete Request, and Restore Request) as well as the Archive maintenance utilities to members of a specialized Archive role while denying access to these editors for developers that use Optim functions to create test data.
Establishing Functional Security requires that you edit the Access Control Domain (ACD) named (Default) to define roles and, for each role, grant or deny Functional Privileges. The (Default) ACD is a security definition (i.e., a type of object in the Optim Directory) and is created automatically when Optim Security is initialized. Functional Privileges are defined in the (Default) ACD only. After editing the (Default) ACD, you must enable Functional Security using the Configuration program for the Functional Security settings to take effect.
You can also use Functional Security to define Object Association Privileges, which determine the ACDs a role can associate with Access Control Lists (ACL), used by Object Security to secure objects. Within each ACD, you can define Object Association Privileges for specific object types. For example, if an ACD denies a role the Associate Archive Requests privilege, the role cannot use that ACD in an ACL that secures an Archive Request.