Product Documentation

Database Administrator's Guide

FILE_PERMISSIONS

FILE_PERMISSIONS groupID#pmodeA#...#pmodeZ

Permits default file permissions to be assigned to one or more groups, including two special groups: WORLD and OWNER. The primary need for this capability is to enforce permission flags on files that have already been created without a permission mask (i.e., the permission mask is zero at file creation). A zero permission mask is equivalent to granting everyone all rights:

OPF_ALL | GPF_ALL | WPF_ALL

Note: ALL does not include the special NOPASS flag that permits a file to be opened for reading without supplying the file password. To grant NOPASS permission, it must be included explicitly.

  • groupID is the name of a user group or the special groups WORLD and OWNER. The server does NOT verify that the groupIDs actually exist.
  • pmode entries are symbolic names for the possible permission flags: READ, WRITE, DEF, DELETE, ALL, NOPASS and NONE. NONE should not be used with any other permission flags. It indicates no permissions are granted. Granting a permission of WRITE, DEF or DELETE is equivalent to granting all of the lesser permissions, thus DELETE and ALL are equivalent. For example, #READ#WRITE is equivalent to #WRITE. The groupID and pmode entries are case insensitive.

For files without an explicit permission mask, the WORLD entry applies to file opens by a user whose group(s) do not match any of the specified groups. If there is no WORLD entry, then WORLD permissions default to ALL. The OWNER entry applies to file opens by the users that created the files, again only for files without an explicit permission mask.

Consider the following entries, and assume all the files in use did not have explicit permission masks at creation. Files with explicit permission masks (except for OPF_ALL | GPF_ALL | WPF_ALL) at creation are not affected by these FILE_PERMISSIONS entries.

FILE_PERMISSIONS OWNER#DEF

FILE_PERMISSIONS inventory#WRITE

FILE_PERMISSIONS ACCOUNTING#write#nopass

FILE_PERMISSIONS WORLD#NONE

In this example, the owner of a file will have READ, WRITE and DEF permissions. The owner of the file cannot delete the file. Members of the INVENTORY group have READ and WRITE permissions. Members of the ACCOUNTING group have READ and WRITE permissions and may open a file without its password (in which case they receive READ permission only). A user who is not the owner of a file and not a member of the ACCOUNTING or INVENTORY groups will be assigned WORLD permissions, which in this case are NONE. NONE means the file cannot be opened.

If a user belongs to multiple groups, and two or more of those groups are specified with the FILE_PERMISSIONS keyword, the permissions granted to the user will be the union of the individual group permissions. However, if the user is the OWNER of the file, the user receives OWNER permissions, which default to ALL.
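The following added example (not part of the product documentation and not the server's own code) models the rules above in Python so a configuration can be reviewed before deployment, in particular to spot a missing WORLD entry, which leaves unmatched users with ALL. The function names and the handling of a group listed on more than one line are assumptions.

```python
# Added example: a model of the documented rules. SAMPLE is the page's example.
LEVELS = ["READ", "WRITE", "DEF", "DELETE"]  # each level implies those before it
ALL = frozenset(LEVELS)                      # ALL == DELETE; NOPASS is excluded


def expand(pmodes):
    """Turn symbolic pmode names into the full set of granted flags."""
    names = [p.upper() for p in pmodes]
    if "NONE" in names:
        if len(names) > 1:
            raise ValueError("NONE should not be used with other flags")
        return frozenset()
    granted = set()
    for name in names:
        if name == "NOPASS":
            granted.add("NOPASS")            # must be granted explicitly
        elif name == "ALL":
            granted |= ALL
        elif name in LEVELS:
            granted |= set(LEVELS[: LEVELS.index(name) + 1])
        else:
            raise ValueError(f"unknown pmode: {name}")
    return frozenset(granted)


def parse(config_text):
    """Map upper-cased groupID -> granted flags, one FILE_PERMISSIONS line each."""
    table = {}
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "FILE_PERMISSIONS":
            group, *pmodes = parts[1].strip().upper().split("#")
            # Assumption: repeated entries for the same group are unioned.
            table[group] = table.get(group, frozenset()) | expand(pmodes)
    return table


def effective(table, user_groups, is_owner=False):
    """Permissions on a file created without an explicit permission mask."""
    if is_owner:
        return table.get("OWNER", ALL)       # OWNER defaults to ALL
    matched = [table[g.upper()] for g in user_groups if g.upper() in table]
    if matched:
        return frozenset().union(*matched)   # union across the user's groups
    return table.get("WORLD", ALL)           # no WORLD entry means ALL


SAMPLE = ("FILE_PERMISSIONS OWNER#DEF\nFILE_PERMISSIONS inventory#WRITE\n"
          "FILE_PERMISSIONS ACCOUNTING#write#nopass\nFILE_PERMISSIONS WORLD#NONE")
```

Calling effective(parse(text), groups) for a group that has no entry shows at a glance whether a configuration falls back to WORLD#NONE or to the ALL default.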
