In this section: |
How to: |
The DBAFILE attribute enables you to place all passwords and restrictions for multiple Master Files in one central file. Each individual Master File points to this central control file. Groups of Master Files with the same DBA password may share a common DBAFILE which itself has the same DBA password.
There are several benefits to this technique, including:
The central DBAFILE is a standard Master File. Other Master Files can use the password and security restrictions listed in the central file by specifying its file name with the DBAFILE attribute.
END DBA=dbaname, DBAFILE=filename ,$
where:
Is the same as the dbaname in the central file.
Is the name of the central file.
You can specify passwords and restrictions in a DBAFILE that apply to every Master File that points to that DBAFILE. You can also include passwords and restrictions for specific Master Files by including FILENAME attributes in the DBAFILE.
The following example shows a group of Master Files that share a common DBAFILE named FOUR:
ONE MASTER FILENAME=ONE . . END DBA=ABC, DBAFILE=FOUR,$
TWO MASTER FILENAME=TWO . . END DBA=ABC, DBAFILE=FOUR,$
THREE MASTER FILENAME=THREE . . END DBA=ABC, DBAFILE=FOUR,$
FOUR MASTER FILENAME=FOUR,$ SEGNAME=mmmmm,$ FIELDNAME=fffff,$ END DBA=ABC,$ PASS=BILL,ACCESS=R,$ PASS=JOE,ACCESS=R,$ FILENAME=TWO,$ PASS=HARRY,ACCESS=RW,$ FILENAME=THREE,$ PASS=JOE,ACCESS=R,RESTRICT=...,$ PASS=TOM,ACCESS=R,$
The following request joins the TRAINING data source to the EMPDATA and COURSE data sources, and then issues a request against the joined structure:
JOIN CLEAR * JOIN COURSECODE IN TRAINING TO COURSECODE IN COURSE AS J1 JOIN PIN IN TRAINING TO PIN IN EMPDATA AS J2 TABLE FILE TRAINING PRINT COURSECODE AS 'CODE' CTITLE LOCATION AS 'LOC' BY LASTNAME WHERE COURSECODE NE ' ' WHERE LOCATION EQ 'CA' OR LOCATION LIKE 'N%' END
When the Master Files do not have DBA attributes, the output is:
LASTNAME CODE CTITLE LOC -------- ---- ------ --- ADAMS EDP750 STRATEGIC MARKETING PLANNING NJ CASTALANETTA EDP130 STRUCTURED SYS ANALYSIS WKSHP NY AMA130 HOW TO WRITE USERS MANUAL CA CHISOLM EDP690 APPLIED METHODS IN MKTG RESEARCH NJ FERNSTEIN MC90 MANAGING DISTRIBUTOR SALE NETWORK NY GORDON SFC280 FUND OF ACCTG FOR SECRETARIES NY LASTRA MC90 MANAGING DISTRIBUTOR SALE NETWORK NY MARTIN EDP130 STRUCTURED SYS ANALYSIS WKSHP CA MEDINA EDP690 APPLIED METHODS IN MKTG RESEARCH NJ OLSON PU168 FUNDAMNETALS OF MKTG COMMUNICATIONS NY RUSSO PU168 FUNDAMNETALS OF MKTG COMMUNICATIONS NY SO BIT420 EXECUTIVE COMMUNICATION CA WANG PU440 GAINING COMPETITIVE ADVANTAGE NY WHITE BIT420 EXECUTIVE COMMUNICATION CA
The EMPDATA Master File will be the central DBAFILE for the request. Add the following DBA attributes to the bottom of the EMPDATA Master File:
END DBA=DBA1,$ USER = EUSER, ACCESS = R,$ FILENAME = COURSE USER = CUSER2, ACCESS=RW,$
With these DBA attributes, user EUSER will have read access to all files that use EMPDATA as their DBAFILE. User CUSER2 will have read/write access to the COURSE data source.
Add the following security attributes to the bottom of the COURSE Master File. These attributes makes the EMPDATA Master File the central file that contains the security attributes to use for access to the COURSE data source and it sets the DBA attribute to the same value as the DBA attribute in the EMPDATA Master File:
END DBA = DBA1, DBAFILE=EMPDATA,$
Add the following security attributes to the bottom of the TRAINING Master File. These attributes makes the EMPDATA Master File the central file that contains the security attributes to use for access to the TRAINING data source and it sets the DBA attribute to the same value as the DBA attribute in the EMPDATA Master File:
END DBA = DBA1, DBAFILE=EMPDATA,$
Now, in order to run a request against the JOIN structure, there must be a current user password with read access in effect for each file in the JOIN. Issue the following SET PASS command and run the request:
SET PASS = EUSER
or
SET PASS = EUSER IN *
The request runs and produces output because EUSER is a valid user in each of the files in the join.
Since the EMPDATA Master File identifies CUSER2 as a valid user for the COURSE Master File, you can also run the request with the following SET PASS command:
SET USER = EUSER IN EMPDATA, EUSER IN TRAINING, CUSER2 IN COURSE
Issuing a SET PASS command that does not specify a valid password for each file in the JOIN structure produces one of the following messages, and the request does not run:
(FOC052) THE USER DOES NOT HAVE ACCESS TO THE FIELD: fieldname
(FOC047) THE USER DOES NOT HAVE SUFFICIENT ACCESS RIGHTS TO THE FILE: filename
When a DBAFILE includes a FILENAME attribute for a specific Master File, the FILENAME attribute in the referencing Master File must be the same as the FILENAME attribute in the DBA section of the DBAFILE. This prevents users from renaming a Master File to a name unknown by the DBAFILE.
ONE MASTER FILENAME=XONE . . . END DBA=ABC, DBAFILE=FOUR,$ FOUR MASTER FILENAME=XFOUR . . . END DBA=ABC,$ . . . FILENAME=XONE,$ . . .
ONE MASTER is referred to in requests as TABLE FILE ONE. However, both ONE MASTER and the DBA section of the DBAFILE, FOUR MASTER, specify FILENAME=XONE.
For security reasons, the FILENAME attribute in the Master File containing the DBAFILE information should not be the same as the name of that Master File. Note that in Master File FOUR, the FILENAME attribute specifies the name XFOUR.
If there is no mention of the new attribute, DBAFILE, there will be no change in the characteristics of an existing system. In the current system, when a series of data sources is JOINed, the first data source in the list is the controlling data source. Its passwords are the only ones examined. For a COMBINE, only the last data source passwords take effect. All data sources must have the same DBA password.
In the new system, the DBA sections of all data sources in a JOIN or COMBINE are examined. If DBAFILE is included in a Master File, then its passwords and restrictions are read. To make the DBA section of a data source active in a JOIN list or COMBINE, specify DBAFILE for that data source.
After you start to use the new system, convert all of your Master Files. For Database Administrators who want to convert existing systems but do not want a separate physical DBAFILE, the DBAFILE attribute can specify the data source itself.
FILENAME=SEVEN, SEGNAME=.. FIELDNAME=... . . . END DBA=ABC,DBAFILE=SEVEN,$ (OR DBAFILE= ,$) PASS=... PASS=...
Since each data source now contributes its own restrictions, you can JOIN and COMBINE data sources that come from different applications and have different user passwords. The only requirement is a valid password for each data source. You can therefore grant access rights for one application to an application under the control of a different DBA by assigning a password in your system.
You can assign screening conditions to a data source that are automatically applied to any report request that accesses the data source. See the Creating Reports manual for details.