Security

1. Summary

The Dataphor Server provides a complete role-based security model for controlling access to the applications and resources defined in the server. In addition to allowing access control to objects defined in the system catalog, the security system allows developers to define application-specific rights that are managed in the same way. This allows a flexible and powerful security model that applications can not only extend, but query to dynamically control user interface appearance based on security context.

2. Security Primitives

There are three basic primitives in the Dataphor security model:

In general, rights and roles will be defined by the application developer as part of the application. Ideally, roles will be made up of non-overlapping groups of rights. Users can then be assigned to be members of the appropriate set of roles by the system administrator. The following sections discuss each type of object in detail.

2.1. Users

A user is the basic unit of authentication in the Dataphor Server. There are two system-defined users: System and Admin. The System user is used by the Dataphor Server to perform system-level functions. Only the Dataphor Server can login as the System user. The Admin user is the central administrative user for the Dataphor Server. It is not possible to revoke any right from the System or Admin users. For this reason, care should be taken to guard access to the Admin user, as anyone logging in with that user will have unrestricted access to the objects in the Dataphor Server.

2.2. Rights

A right is the basic unit of permission in the Dataphor Server. Any operation which must be protected has an associated right. Rights are then assigned to users and roles to allow users access to the various objects and functions of the Dataphor Server. A right can be granted or revoked, and a right assignment can be reverted. The Dataphor Server defines several system rights which protect basic operations such as DDL statements. Whenever a catalog object is created, the rights necessary to protect operations on that object are also created. For example, creating a table creates select, insert, update, and delete rights for that table, as well as alter and drop rights. Although rights are not catalog objects per se, they are part of the library in which they were defined.

The Dataphor Server defines the following system rights that are not associated with any catalog object:

System.CreateType

Protects invocation of the create type statement.

System.CreateTable

Protects invocation of the create table statement.

System.CreateView

Protects invocation of the create view statement.

System.CreateOperator

Protects invocation of the create operator and create aggregate operator statements.

System.CreateDevice

Protects invocation of the create device statement.

System.CreateConstraint

Protects invocation of the create constraint statement.

System.CreateReference

Protects invocation of the create reference statement.

System.CreateRole

Protects invocation of the create role statement.

System.CreateRight

Protects invocation of the create right statement.

System.CreateReference

Protects invocation of the create reference statement.

System.CreateUser

Protects the creation of users.

System.AlterUser

Protects the administration of users.

System.DropUser

Protects the deletion of users.

System.MaintainSystemDeviceUsers

Protects maintenance of the system device user mapping for devices. Without this right, a user cannot specify the device-specific credentials for the system user for a given device.

System.MaintainUserSessions

Protects configuration of user sessions through the System.Sessions and System.Processes catalog tables.

System.HostImplementation

Protects the use of host implementation structures. Without this right, a user cannot specify that a given D4 structure is implemented by a specified host implementation structure.

2.3. Roles

A role is a group of right assignments in the Dataphor Server. The Dataphor Server defines several system roles which it uses to manage basic system rights. Users can be assigned to any number of roles. When a user is a member of a role, the right assignments in that role are applied to the user. A role is a catalog object with rights and ownership.

The Dataphor Server defines the following roles:

  • System.Admin

  • System.User

  • System.CatalogUser

  • Security.SecurityUser

  • Frontend.User

  • Frontend.Developer

3. Security Management

Management of users in the Dataphor Server is controlled through the security rights for creating, altering and dropping users, as well as the execute rights for the various security management operators.

The following operations are available to any given user of the Dataphor Server:

  • Create, Alter and Drop users, so long as the appropriate rights have been granted.

  • Manage right assignments in all roles owned by the user.

  • Manage all catalog objects owned by the user.

4. Catalog Object Ownership

Catalog object ownership specifies which user is responsible for managing a particular object. Whenever a catalog object is created it is owned by the user that created it. All rights for the object are implicitly granted to the owner of the object. The owner of an object can be changed using the SetObjectOwner operator.

5. Determination of Rights

All rights for a given object are implicitly granted to the owner of the object. For example, the owner of a table can perform any operation against that table. Whether or not a given user has been granted a right is determined by the following rules:

  • If the user has an explicit assignment for the right, the right is granted or revoked according to the right assignment.

  • If the roles which the user is a member of have an explicit assignment for the right, the right is granted or revoked according to the most restrictive right assignment of any role.

  • If the user is the owner of the right, or the catalog object the right is associated with, the right is considered granted.

According to these rules, the following points can be made:

  • An explicit right assignment for the user will override any right assignment made on any role that the user is a member of.

  • If the roles that a user is a member of result in multiple assignments for the same right, the most restrictive right assignment is used.

  • It is possible to revoke the rights for an object that a given user owns by using an explicit right assignment.

Rights determination is a compile-time function of the Dataphor Server. This means that rights determination takes place when an object is created, not when it is accessed. For example, if a view is created which accesses a table that the user creating the view has access to, and access permissions for the view are subsequently granted to a user that does not have access to the table, the view will still function correctly. In other words, operators and views provide an abstraction over the security mechanism of the Dataphor Server.

Note also that this means that execute rights for event handlers do not need to be granted, so long as the appropriate modification right has been granted for the table in question, the event handler is considered part of the table definition for the purposes of security management.

Because rights determination is done at compile-time, changes to the rights of objects referenced by views and operators forces a recompile of these objects. This update is handled automatically by the Dataphor Server.

6. Catalog Object Rights

Whenever a catalog object is created in the DAE, an appropriate set of rights is also created to protect access to the object. The rights created for each object type are as follows:

Type

Alter, Drop

Operator

Alter, Drop, Execute

Table or View

Alter, Drop, Select, Insert, Update, Delete

Device

Alter, Drop, Read, Write, CreateStore, AlterStore, DropStore, Reconcile, MaintainUsers

Constraint

Alter, Drop

Reference

Alter, Drop

Role

Alter, Drop

The created right is named by concatenating the name of the object with the name of the right. For example, a table named Employee will have a right named EmployeeSelect.

7. Managing Security

The Dataphor Server exposes all the functionality for managing the security system through the Security API. The D4 language then includes several shorthands for various calls in this API, and finally, the Dataphoria environment exposes the functionality visually using the Security library.

For information on the Security API, refer to Security Operators in the System Library Reference.

For information on the Security statements of D4, refer to Security in the Dataphor Developer’s Guide.

results matching ""

    No results matching ""