Because database data can only be accessed through valid database-level permissions and because it is desirable for users within the software application to access data to which they do not otherwise have rights, a secondary database-level security scheme is defined for each user. This set of permissions permits all database activity that may be required to successfully use the software functions. When executing the software application, the user is actually connected to the database using this security level. Jenzabar recommends that this level of access be defined very broadly. A suggested procedure for implementing is to link every application user to a single User ID that has been given access to the entire application database.
This security level, combined with application function-level security, allows the user the proper access to complete tasks using J1 Desktop but properly restricts access to the database when the same user is using other data access tools.
|
A user may have the necessary rights within J1 Desktop to register a student into a course. However, when the user is producing a report, the database administrator is likely to prefer that he not be able to directly modify the data in the tables that store this data. |
This restriction is especially true for data that, when entered via the application, undergoes a great deal of validation prior to being stored in the database or that initiates application logic which "ripples" the effects of the data out to other tables. Some modules keep summary information updated whenever the application modifies the detailed data. A user modifying this data via InfoMaker would bypass this logic and cause the summary to be incorrect.
The User ID and password that identify the user's application database-level security are not to be communicated to the user and are not to be the same as the User ID and password used for the other two security levels (user database-level security and application function-level security. These values for each user are stored in an encrypted form in the database and are only to be decrypted and utilized by the software application behind the scenes.
Use the security utility within your Database Management System (DBMS) to set up application database-level security.
