
Overview

Authorization is the process of determining which database assets a user can use, view, or change. Database assets include:

  • Databases — Physical files containing data or code.

  • Services — Tools for connecting to Caché, for example, client/server services, telnet.

  • Applications — Caché programs, for example, Caché Server Pages (CSP) applications.

  • Administrative actions — Sets of tasks, for example, starting and stopping Caché or creating backups.

Role-based Security

The Caché security system is role-based. This means that users receive their authorizations through their membership in roles. These roles grant their members sets of privileges which in turn grant permissions (USE, READ, or WRITE) on resources — the logical representation of database assets in the security system.

For example, an individual working in the Human Resources department needs to be able to view and update employee information stored in the EmployeeInfo database. To authorize these actions, the security administrator assigns the individual to the Human Resources role. This role grants its members certain privileges. Specifically, it grants them READ and WRITE permissions on the %DB_EmployeeInfo resource, which is the resource that represents the EmployeeInfo database in the security system.

The relationships among users, roles, permissions, resources, and assets can be summarized with the following:

Users are members of roles granting permissions on resources protecting assets.
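
The chain summarized above can be modeled in a few lines to show how an authorization decision and an access review fall out of it. This is an added example, not Caché code or an InterSystems API; only the Human Resources role, the %DB_EmployeeInfo resource and the EmployeeInfo database come from the text, every other name is constructed, and it assumes that permissions from multiple roles are additive.

```python
# Model of: users -> roles -> privileges (permission on a resource) -> assets.
# Illustrative only, not a Caché API. Names other than "Human Resources",
# "%DB_EmployeeInfo" and the EmployeeInfo database are constructed.

# resource -> the asset it protects
RESOURCES = {
    "%DB_EmployeeInfo": "EmployeeInfo database",
    "%DB_Payroll": "Payroll database",  # constructed
}

# role -> {resource: permissions}; each (resource, permission) pair is a privilege
ROLES = {
    "Human Resources": {"%DB_EmployeeInfo": {"READ", "WRITE"}},
    "Auditor": {"%DB_EmployeeInfo": {"READ"}, "%DB_Payroll": {"READ"}},  # constructed
}

# user -> roles the user is a member of (all users constructed)
USERS = {
    "alice": {"Human Resources"},
    "bob": {"Auditor"},
    "carol": {"Human Resources", "Auditor"},
    "dave": set(),
}

def effective_permissions(user):
    """Union of the privileges of every role the user holds (assumed additive)."""
    result = {}
    for role in USERS.get(user, ()):  # unknown user or no roles: no access
        for resource, perms in ROLES[role].items():
            result.setdefault(resource, set()).update(perms)
    return result

def is_authorized(user, resource, permission):
    """Deny by default: access exists only if some role grants it."""
    return permission in effective_permissions(user).get(resource, set())

def who_can(resource, permission):
    """Access review: every (user, role) path granting the permission."""
    return sorted(
        (user, role)
        for user, roles in USERS.items()
        for role in roles
        if permission in ROLES[role].get(resource, set())
    )

if __name__ == "__main__":
    for user, role in who_can("%DB_EmployeeInfo", "WRITE"):
        print(f"{user} can WRITE the {RESOURCES['%DB_EmployeeInfo']} via role {role}")
```

Listing the granting role alongside each user is what makes the review actionable: removing a user's access means removing the role membership, not editing the resource.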