TS ODBC DataServer™ (Security Overview)

Security

Security is a major concern, especially when multi-user applications are accessed. With ad hoc ODBC-enabled query tools available, it is important to ensure that only authorized users are able to query and modify your application's data. This section describes:

  • User connection security.
  • Table, column, and row security for users once they are allowed to connect.

User Connection

TS ODBC enforces database-user connection security. The security features are comprehensive and flexible and should cover virtually all user requirements for connection level security. For complete details on OPENworkshop® or Dictionary-IV™ security, see the appropriate reference manual.

A Client Connection requesting access to a Thoroughbred DataSource requires an IDOL-IV login. Before prompting the user, the ODBC Driver will attempt to determine a login and password automatically using one of the methods below:

  • Values may be included as keyword parameters on the connect string received from a client application (for example, MS Access includes the user name from the command line or 'Admin').
  • The DSN information in the ODBC.INI may contain User-ID and Password.
    Example:
    [UTDEMO]
    Driver32=C:\WINNT\System32\tfodbccl.dll
    User-ID=COO
    Password=COO
  • The workstation login name.

If a login and password cannot be found, or the above fails authentication, the ODBC Driver prompts for them. For more information, see the User Login and Authentication section.
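The [UTDEMO] entry above keeps the password as a plain value in ODBC.INI, so anyone who can read that file can connect as that user. The following added example (not part of the original documentation or the vendor's tooling) audits INI text for DSNs that store a password or reuse the User-ID as the password; the [UTPROD] section and the JSMITH user are constructed sample data.

```python
import configparser

# Constructed sample: the page's [UTDEMO] entry plus a hypothetical [UTPROD]
# DSN that stores no password.
SAMPLE_ODBC_INI = r"""
[UTDEMO]
Driver32=C:\WINNT\System32\tfodbccl.dll
User-ID=COO
Password=COO

[UTPROD]
Driver32=C:\WINNT\System32\tfodbccl.dll
User-ID=JSMITH
"""


def audit_dsn_credentials(ini_text):
    """Return (dsn, finding) pairs for DSNs that embed login data.

    Password values are compared but never returned or printed.
    """
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.read_string(ini_text)  # option names are lower-cased by default
    findings = []
    for dsn in parser.sections():
        user_id = parser.get(dsn, "user-id", fallback="").strip()
        password = parser.get(dsn, "password", fallback="").strip()
        if password:
            findings.append((dsn, "stored-password"))
            if user_id and password.lower() == user_id.lower():
                findings.append((dsn, "password-equals-user-id"))
    return findings


if __name__ == "__main__":
    for dsn, finding in audit_dsn_credentials(SAMPLE_ODBC_INI):
        print(f"{dsn}: {finding}")
```

A DSN that omits Password falls through to the workstation login name or the login prompt described above.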

A connect request is sent to the server with whatever information is available. The server will complete the connection and return the result of the login procedure below. The ODBC Driver will request any missing information from the user and send the results to the server. This is repeated until all needed information is verified or the user cancels.

User Login and Authentication

If the automatic login fails, the user will be prompted for a login and password. The Login dialog box prompts for either User-ID (if OPENworkshop security is active) or Operator Code (if IDOL-IV passwords are active).

If the user is prompted for a User-ID, it will be validated against the OPENworkshop security file (typically a UNIX login). If OPENworkshop security is active and both the User-ID and a Shadow Password file exist, the Shadow Password file will be used for password validation. Otherwise, the Operator Code will be used for validation and the Operator Code password will be checked. For more information, go to the View user ids option from the OPENworkshop Security Menu or see the OPENworkshop Reference Manual.

Each OPENworkshop User-ID is linked to an IDOL-IV Operator Code.

LINK (Tables) Security

The following tests are performed if either OPENworkshop security or IDOL-IV password security is active.

  • Link password
  • Operator Access codes (type 0 and type 1)
  • Terminal Access is ignored (type 0 and type 1)
  • Group Access - user must be member of group

Notes:

  • Group codes with an appended R have read-only access; group codes without it have read/write access. Read-only access will cause UPDATE, INSERT, and DELETE to fail because of improper permissions.
    Example:
    Security set to: [100R,200,300R]
    Users in group 100 and 300 have read-only access.
    Users in group 200 have read/write access.
    All others have no access.
  • Link definitions that include I/O triggers will be considered read-only.
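The group-code rule and the I/O trigger note above can be modelled to review who ends up with write access to a Link. This is an added example, not Thoroughbred code: it covers only the Group Access test (not link passwords or Operator Access codes), the function names are hypothetical, and it assumes that a user in several listed groups gets the most permissive match, which the page does not specify.

```python
WRITE_VERBS = {"UPDATE", "INSERT", "DELETE"}


def parse_link_security(spec):
    """Parse a value such as '[100R,200,300R]' into {group: access level}."""
    access = {}
    for code in spec.strip().strip("[]").split(","):
        code = code.strip()
        if not code:
            continue
        if code.upper().endswith("R"):       # appended R = read-only
            access[code[:-1]] = "read-only"
        else:
            access[code] = "read/write"
    return access


def link_access(spec, user_groups, has_io_triggers=False):
    """Return 'read/write', 'read-only' or 'none' for a user's groups."""
    access = parse_link_security(spec)
    levels = {access[g] for g in user_groups if g in access}
    if not levels:
        return "none"                        # not a member of any listed group
    # Assumption: most permissive match wins, so a review over-reports
    # write access rather than missing it.
    level = "read/write" if "read/write" in levels else "read-only"
    if has_io_triggers:                      # Links with I/O triggers are read-only
        level = "read-only"
    return level


def statement_allowed(spec, user_groups, sql, has_io_triggers=False):
    """Would this SQL statement pass the modelled Group Access test?"""
    level = link_access(spec, user_groups, has_io_triggers)
    words = sql.split()
    if level == "none" or not words:
        return False
    return level == "read/write" or words[0].upper() not in WRITE_VERBS


if __name__ == "__main__":
    spec = "[100R,200,300R]"                 # the page's example setting
    for groups in (["100"], ["200"], ["300"], ["400"]):
        print(groups, link_access(spec, groups))
```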

DATANAME (Column) Security

Dataname Security does not require IDOL-IV security to be active. If security is inactive or there is no security value (Format) for a dataname, '0,0' will be used as the security value. If group codes are present and the user is a member of one of the groups, the group security code is used instead. The effect of the Dataname Security on each ODBC operation is:

  • RETRIEVING: the column is filled with blanks or zero if display mode is 1 or 2.
  • UPDATING: the column is protected if security mode is 1 or 3.
  • INSERTING: the column can only be set to the default value when security mode is 2 or 3.

Notes:

  • If the Dataname Security includes a password, the user will be prompted.
  • Datanames defined with a POST-PROCESS cannot be updated.

RECORD LEVEL (Row) Security

Record level security can only be used when OPENworkshop security is active. Record level security is indicated by a security-mode 4 (Format) on a two-character column. If group codes are present and the user is a member of one of the groups, the group security code is used instead. The effect of Record level security on each ODBC operation is:

  • RETRIEVING/UPDATING: only records with matching values are selected.
  • INSERTING: only records with matching values can be added.

Thoroughbred, OPENworkshop, and IDOL-IV are registered trademarks of Thoroughbred Software International, Inc.
TS ODBC DataServer and TS ODBC R/W DataServer are trademarks of Thoroughbred Software International, Inc.
All other names, products, and services mentioned are the trademarks or registered trademarks of their respective vendors or organizations.