Progress
Client Deployment
Guide


Setting Table and Field Permissions

You set table and field permissions by using the Change/Display Data Security utility in the Data Dictionary. Note that once security administrators are designated, only they can access this utility. All other users are denied access with the message “You must be a Security Administrator to execute this function.”

Follow these steps to set table or field permissions:

  1. Access the Data Administration tool if you are using a graphical interface or the Data Dictionary if you are using a character interface.
  2. Choose Admin Security Edit Data Security.
  3. If you are using a graphical interface, the Edit Data Security dialog box appears:

    If you are using a character interface, Progress alphabetically lists the tables defined for the working database. Choose the table for which you want to specify permissions. The Edit Data Security dialog box appears:

  4. Choose the table or field for which you want to specify permissions.
  5. If you are using a graphical interface, use the Permissions for Selected Table and Permissions for Selected Field radio buttons, then choose the table or field from the selection lists.

    If you are using a character interface, use the options at the bottom of the dialog box to choose the table or field.

  6. Specify the security permissions for the table or field. Table 3–1 lists the security permissions you can specify for a table or field.
  7. Table 3–1: Security Permissions  
    Permission
    Description
    Can-Read
    Specifies the users who have permission to read a table.
    Can-Write
    Specifies the users who can write to a table or update records.
    Can-Create
    Specifies the users who can create new records. The user with Can-Create privileges automatically has Can-Write privileges.
    Can-Delete
    Specifies the users who can delete records from a table.
    Can-Dump
    Specifies the users who can dump database or table definitions and data.
    Can-Load
    Specifies the users who can load database or table definitions and data.

    NOTE: Use commas, not periods, to separate the names in these options.

    Table 3–2 lists the values you use to define the permissions for a table.

    Table 3–2: Access Restrictions for Tables
    Expression
    Meaning
    *
    All users have access.
    user
    This user has access.
    ! user
    All users have access, except this user.
    string*
    User IDs that begin with this string have access.

    Any changes you make to the table permissions do not affect the current session or any other current sessions. This means that if other users are working while you change table permissions, they are not affected. To use the new permissions, you must exit and restart Progress.

    NOTE: Do not try to bypass the Data Dictionary to modify the permissions for the tables and fields in the database. You might lock yourself out of the database.

Example of Personnel Security

This example shows how to define permissions for a sample database called mywork. Suppose the user IDs defined in the user list for the database are salesrep, inventory, and manager. Users using the IDs are as follows:

Suppose you want all users to have Can-Read permission for the customer table, but only users with the specified user IDs to have Can-Write, Can-Create, and Can-Delete privileges. The following example shows how to specify this information for the customer table:

  Can-Read: *
 Can-Write: salesrep,manager
Can-Create: salesrep,manager
Can-Delete: manager 

In the next example for the customer table, all users have Can-Read permission for the Name field. In addition, all users have Can-Write permission, except users with the user ID of inventory:

Field name: Name

  Can-Read:	 *
 Can-Write: 	*,!inventory 

In the next example for the customer table, all users, except those with a user ID of inventory, have Can-Read permission for the Max-credit field. Here, only managers have permission to write to this field:

Field name: Max-credit

  Can-Read: *,!inventory
 Can-Write: 	manager 


Copyright © 2004 Progress Software Corporation
www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095