Product Documentation

Database Administrator's Guide

File Permission Masks

Once a user has access to a given file, which might need both user and file passwords to reach, there is one additional level of access control available. This is the “file permission mask,” a set of controls over who can do what with a given file.

Operations Controlled

User permissions with respect to the following file operations can be controlled with the file permission mask for a given file (i.e., “YES, TYPE X USERS have permission to do this operation” or “NO, TYPE X USERS do not have permission to do this operation”):

  • READ the file
  • WRITE to the file (i.e., add, update, or delete individual items in the file)
  • CHANGE THE DEFINITION(s) of the file, including such characteristics as alternative collating sequences or record schemas (see the FairCom DB Programmer’s Reference Guide for details)
  • DELETE the entire file
  • Any combination of the above

If a file has no permission mask, any user who can access the file can perform all the above operations. Remember: A zero permission mask does not mean "no permission"; it means "no security restrictions" (full permission), with no owner or group assigned.

User Controls

Each of these permissions for a given file can be specified for any or all of the following classes of users:

  • WORLD access: Allow the specified file operations to any user who can access the file (so users who lack a required User ID and/or file password do not have these file-operation permissions).
  • OWNER access: Allow the specified file operations to the current owner of the file. The owner is either the User ID in effect when the file was created or a different User ID who was later assigned as the owner (see Files for details).
  • GROUP access: Allow the specified file operations to any User ID currently a member of the same Group as the current File Group.

In summary, a file permission mask permits different degrees of access to a file for the file’s owner, users belonging to the file’s group, and all other users, including guests.
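The mask model described above, sketched as an added example (not FairCom code): it evaluates which operations a user gets from the OWNER, GROUP and WORLD classes, and shows that a zero mask grants everything. The bit layout, the type and function names, and the sample files and users are hypothetical, and the code assumes the three classes are additive.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bit layout for illustration only; not FairCom's constants. */
enum { OP_READ = 1, OP_WRITE = 2, OP_DEF = 4, OP_DELETE = 8, OP_ALL = 15 };
enum { OWNER_SHIFT = 0, GROUP_SHIFT = 4, WORLD_SHIFT = 8 };

struct file_sec { unsigned mask; const char *owner; const char *group; };
struct user { const char *id; const char *groups[4]; /* NULL-terminated */ };

static int in_group(const struct user *u, const char *g)
{
    for (int i = 0; g && i < 4 && u->groups[i]; i++)
        if (strcmp(u->groups[i], g) == 0)
            return 1;
    return 0;
}

/* OP_* bits this user may perform. Assumes class permissions are additive. */
unsigned effective_ops(const struct file_sec *f, const struct user *u)
{
    if (f->mask == 0)               /* zero mask: no security restrictions */
        return OP_ALL;
    unsigned ops = (f->mask >> WORLD_SHIFT) & OP_ALL;   /* WORLD: any user */
    if (f->owner && strcmp(f->owner, u->id) == 0)
        ops |= (f->mask >> OWNER_SHIFT) & OP_ALL;
    if (in_group(u, f->group))
        ops |= (f->mask >> GROUP_SHIFT) & OP_ALL;
    return ops;
}

/* Audit helper: a file with no mask is open to every user who can reach it. */
int is_unrestricted(const struct file_sec *f) { return f->mask == 0; }

int main(void)
{
    /* Constructed sample: owner gets all, group read/write, world read. */
    struct file_sec ledger = { OP_ALL << OWNER_SHIFT | (OP_READ | OP_WRITE) << GROUP_SHIFT
                               | OP_READ << WORLD_SHIFT, "alice", "acct" };
    struct file_sec scratch = { 0, NULL, NULL };        /* no mask set */
    struct user guest = { "guest", { NULL } };
    struct user bob = { "bob", { "acct", NULL } };

    printf("bob   on ledger : 0x%x\n", effective_ops(&ledger, &bob));
    printf("guest on ledger : 0x%x\n", effective_ops(&ledger, &guest));
    printf("guest on scratch: 0x%x (unrestricted=%d)\n",
           effective_ops(&scratch, &guest), is_unrestricted(&scratch));
    return 0;
}
```

The last line of output is the case to audit for: the file with no mask gives a guest every operation, including DELETE.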

Using the concepts discussed above, the Administrator can establish a sophisticated and flexible security system with the FairCom Server. The mechanism for actually entering information for use by the FairCom Server is a separate program utility, called the Administrator’s Utility, ctadmn.