You provide WebFOCUS security on a file-by-file basis. Implementing DBA security features is a straightforward process in which you specify:

• The names or passwords of WebFOCUS users granted access to a data source.
• The type of access the user is granted.
• The segments, fields, or ranges of data values to which user access is restricted.

The declarations that implement these restriction rules (called security declarations) reside in the Master File that describes the data to WebFOCUS. They tell WebFOCUS that security is needed for the data source and what type of security you want. Each security declaration can consist of one or several of the following attributes:

• The DBA attribute gives the name or password of the Database Administrator for the data source. The Database Administrator has unlimited access to the data source and its Master File.
• The PASS (or USER) attribute identifies a user as a legitimate user of the data source. Only users whose name or password is specified in the Master File of a WebFOCUS data source with security placed on it have access to that data source. To prevent a user from changing passwords, a permanent password (PERMPASS) can be passed in each request.
• The ACCESS attribute defines the type of access a given user has. The four types of access available are:

  RW, which allows a user to both read and write to a data source.

  R, which allows a user only to read data in a data source.

  W, which allows a user to only write new segment instances to a data source.

  U, which allows a user only to update records in a data source.

• The RESTRICT attribute specifies certain segments or fields to which the user is not granted access. It can also be used to restrict the data values a user can see or change.

You can also place security on FOCEXECs and encrypt FOCEXECs, Master Files, and data stored in a native WebFOCUS data source. You can use the WebFOCUS DBA exit routine to let an external security system set the WebFOCUS password. For more information, see Developing a Dynamic DBA Rule.

For a complete description of WebFOCUS DBA security, see the Describing Data With WebFOCUS Language manual.

The following is a Master File that uses security features:

FILENAME = PERS, SUFFIX = FOC,$
SEGMENT = IDSEG, SEGTYPE = S1,$
 FIELD = SSN          ,ALIAS = SSN    ,FORMAT = A9   ,$
 FIELD = FULLNAME     ,ALIAS = FNAME  ,FORMAT = A40  ,$
 FIELD = DIVISION     ,ALIAS = DIV    ,FORMAT = A8   ,$
SEGMENT=COMPSEG, PARENT=IDSEG, SEGTYPE=S1,$
 FIELD = SALARY       ,ALIAS = SAL    ,FORMAT = D8   ,$
 FIELD = DATE         ,ALIAS = DATE   ,FORMAT = YMD  ,$
 FIELD = INCREASE     ,ALIAS = INC    ,FORMAT = D6   ,$
END
DBA=JONES76,$
USER=TOM    ,ACCESS=RW, $
USER=BILL   ,ACCESS=R  ,RESTRICT=SEGMENT   ,NAME=COMPSEG    ,$
USER=JOHN   ,ACCESS=R  ,RESTRICT=FIELD     ,NAME=SALARY     ,$
                                            NAME=INCREASE   ,$
USER=LARRY  ,ACCESS=U  ,RESTRICT=FIELD     ,NAME=SALARY     ,$
USER=TONY   ,ACCESS=R  ,RESTRICT=VALUE     ,NAME=IDSEG,
   VALUE=DIVISION EQ 'WEST' ,$
USER=MARY   ,ACCESS=W  ,RESTRICT=VALUE     ,NAME=SALTEST,
   VALUE=INCREASE+SALARY GE SALARY,$
                                            NAME=HISTTEST,
   VALUE=DIV NE ' ' AND DATE GT 0,$