When FairCom DB creates a file, the User ID of the creating user is assigned to the file as the file’s owner. The owner’s default group is also assigned to the file unless the creating function specifies one of the owner’s other Group IDs.
Further, the user may specify a permission mask that determines the kind of access that users may acquire on subsequent opens. The mask consists of three components: owner permissions, group permissions and world permissions. With this structure, you are able to allow different users different levels of access to the file.
When the owner of a file opens that file, that user is given owner’s permissions. Typically this level allows the user the most flexibility in managing the file. If a user who is not an owner of the file opens that file, FairCom DB looks at the groups the user belongs to. If that user is a member of the group assigned to the file then the user is granted group permissions. Finally, a user not falling into these categories is granted world permissions. Generally, permissions become more restrictive as you go from owner to world.
For example, an owner of a file may be able to read, write, and update records, and delete the file if necessary. Another user who is a member of the group for that file could have permission to read, write, and update records, but not to delete the file. Finally, a user who is not an owner, and not a member of the file’s group, may have permission only to read the file.
Permission Mask
When the file is created you will provide a permission mask for that file. The permission mask is formed by OR-ing the appropriate permission constants (found in ctport.h) from the following list:
| Permission Constant | Description |
|---|---|
| OPF_READ | owner read permission |
| OPF_WRITE | owner write/update permission |
| OPF_DEF | owner file definition permission |
| OPF_DELETE | owner file deletion permission |
| OPF_ALL | owner granted all permissions |
| OPF_NOPASS | owner grants read only without password |
| GPF_NONE | group access denied |
| GPF_READ | group read permission |
| GPF_WRITE | group write/update permission |
| GPF_DEF | group file definition permission |
| GPF_DELETE | group file deletion permission |
| GPF_NOPASS | group read only access without password |
| WPF_NONE | world access denied |
| WPF_READ | world read permission |
| WPF_WRITE | world write/update permission |
| WPF_DEF | world file definition permission |
| WPF_DELETE | world file deletion permission |
| WPF_NOPASS | world read only access without password |
For example, to grant the owner all permissions, to grant group members read and update permissions, and to permit no access outside of the group, the permission mask should be defined as:
(OPF_ALL | GPF_READ | GPF_WRITE | WPF_NONE)
If no permission mask is assigned to the file, owner, group and world are granted all permissions. Permission masks, file ownership and group assignment may also be changed by using the Security() function, or by the system administrator.
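The owner, group, world resolution order and the all-permissions default described above can be modelled as follows. This is an added example, not FairCom code: the `P_*` bits, the `DEMO_*` macros, `demo_file` and `demo_effective` are hypothetical names with a constructed bit layout, and the real constant values are the ones in ctport.h.

```c
#include <stdio.h>
#include <string.h>

/* Constructed bit layout for illustration only; the real OPF_/GPF_/WPF_
   values live in ctport.h and are not reproduced here. */
enum { P_READ = 1, P_WRITE = 2, P_DEF = 4, P_DELETE = 8, P_ALL = 15 };
#define DEMO_OWNER(p) ((unsigned)(p))
#define DEMO_GROUP(p) ((unsigned)(p) << 4)
#define DEMO_WORLD(p) ((unsigned)(p) << 8)

typedef struct {
    const char *owner;   /* User ID of the creating user */
    const char *group;   /* Group ID assigned to the file */
    int has_mask;        /* 0 models "no permission mask assigned" */
    unsigned mask;
} demo_file;

/* Returns the P_* bits a user gets on open: owner first, then group
   membership, then world. Only the first matching class applies. */
unsigned demo_effective(const demo_file *f, const char *user,
                        const char *const *groups, int ngroups)
{
    int i;
    if (!f->has_mask)
        return P_ALL;                  /* default: everyone gets everything */
    if (strcmp(user, f->owner) == 0)
        return f->mask & P_ALL;
    for (i = 0; i < ngroups; i++)
        if (strcmp(groups[i], f->group) == 0)
            return (f->mask >> 4) & P_ALL;
    return (f->mask >> 8) & P_ALL;
}

int main(void)
{
    /* Constructed users and groups. */
    const char *const bob_g[] = { "SALES", "ACCT" };
    const char *const eve_g[] = { "GUEST" };
    demo_file f = { "alice", "ACCT", 1,
        DEMO_OWNER(P_ALL) | DEMO_GROUP(P_READ | P_WRITE) | DEMO_WORLD(0) };
    demo_file nomask = { "alice", "ACCT", 0, 0 };

    printf("group member: %#x, outsider: %#x, outsider with no mask: %#x\n",
           demo_effective(&f, "bob", bob_g, 2),
           demo_effective(&f, "eve", eve_g, 1),
           demo_effective(&nomask, "eve", eve_g, 1));
    return 0;
}
```

The last value printed is the one to audit for: a file created without a mask gives a user outside the group the same rights as the owner.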