4D v14.3Access system overview |
|||||||||||
|
4D v14.3
Access system overview
Access system overview
If more than one person uses a database, you may want to control access to the database or provide different capabilities and interfaces to different users. If you are designing applications for use in a multi-user environment or the World-Wide Web, it may be essential that you provide security for sensitive data. You can provide this security by assigning passwords to users and creating access groups that have different levels of access to information in the database or to database operations. 4D’s password access system is based on users and groups. You create users and assign passwords, put users in groups, and assign each group access rights to appropriate parts of the database. Groups can be assigned access privileges to operations on records in the table and to the table definition. The following example shows “Owner” access rights for the Add_Record project method being assigned to a group. Groups can generally be assigned “Access” (use) and/or “Owner” (modification) access rights. This point is described in Ensuring system maintenance. To open the database, a user either selects or types his or her user name and then types his or her password. Then, depending on which groups the user belongs to and to which parts of the database the groups have been assigned, the user can operate the parts of the database that were specified by the access system. You can configure access to the database using the "Security" page of the Database Settings dialog box (see the Security page).
If the The user can change their password option is checked in the Database Settings, the Change button is displayed in the password entry dialog box. This button lets the current user modify his or her own password. 4D Server Note: It is possible to save the parameters and the connection identifiers to a database in a .4DLink type access file. For more information, refer to Connecting to a 4D Server Database in the 4D Server Reference manual. The user operates the database in a normal fashion. When the user attempts to use an object (form, menu command, method) that its group is not permitted to use, 4D displays an error message of the type “Your password does not allow you to use this object”. Note: If an ON ERR CALL method is installed, the error message for methods is not displayed. It is possible to customize the icon displayed in the database connection dialog box. By default, this icon depicts the 4D logo. To replace this icon by one of your choice, you simply need to place a file named LoginImage.png in the Resources folder of the database (located next to the database structure file, see Description of 4D files). The custom file must be of the “png” type and its size must be 80x80 pixels. --> When the user checks the Remember Password option, 4D saves the password when the dialog box is validated and reuses it automatically during subsequent connections. The password is encrypted and saved locally in the .4DLink file corresponding to the database. Because of this, you cannot use the feature with all 4D applications. The following table shows when it is available:
Once specified, the access control system can be used for several types of external access to the 4D database. You can therefore take advantage of the access hierarchy in these specific contexts. The users and groups system of 4D can be used for:
The best way to ensure the security of your database and provide users with different levels of access is to use an access hierarchy scheme. Users can be assigned to appropriate groups and groups can be nested to create a hierarchy of access rights. This section discusses several approaches to such a scheme. In this example, a user is assigned to one of three groups depending on their level of responsibility. Users assigned to the Accounting group are responsible for data entry. Users assigned to the Finances group are responsible for maintaining the data, including updating records and deleting outdated records. Users assigned to the General Management group are responsible for analyzing the data, including performing searches and printing analytical reports. The groups are then nested so that privileges are correctly distributed to the users of each group.
You can decide which access privileges to assign to each group based on the level of responsibility of the users it includes. If you assign the Accounting group to an input form, for example, it means that everyone can use this input form. If you assign the Finances group to the form, it is restricted to members of the Finances and General Management group. If you assign the General Management group, only members of this group can use the form. Such a hierarchical system makes it easy to remember to which group a new user should be assigned. You only have to assign each user to one group and use the hierarchy of groups to determine access. Your access scheme should restrict access at the lowest possible level, usually at the form level. |
PROPERTIES
Product: 4D SEE ALSO TAGS 4DLink ARTICLE USAGE
4D Design Reference ( 4D v14 R2) Parent of : Access system overview ( 4D v12.4) |
|||||||||