5.2.1 LANSA Objects and Security
The LANSA security system normally deals with:
- Fields
- Files
- Processes (and optionally their associated functions)
- Weblets
Security at the function level is optional. Using function level security involves more run time security checking, and therefore uses more system resources.
A flag in the system definition data area DC@A01 must be set to indicate that function level security is required. Refer to Execution and Security Settings for details.
There are four additional special objects that LANSA deals with. These are:
- System Partitions
- Application Templates
- System Variables
- Multilingual Variables.
Access to all of these objects is controlled by the LANSA security system.
Refer to 5.8 System Partition Definitions and 5.13 Application Templates for further information. Application Template Program Examples are found in the LANSA Developer Guide.
Within the LANSA security system there are 2 'classes' of access associated with any object type. These are:
- Access to the DEFINITION of the object. This class of access is applicable to fields, files, processes, functions, partitions, templates, system variables and multilingual variables. This access controls a users right the USE, MODIFY and DELETE the definition of an object.
- Access to the DATA contained in an object. This class of access is only applicable to files. This access controls a users right to READ, ADD, CHANGE or DELETE information (records) contained in the file.
The 2 object classes (DEFINITION and DATA) and the way they affect the 7 object types can be summarized in the following table.
|
Obj Type |
Access Class |
Description Of Access Allowable |
|
FIELD |
DEF |
USE: User can use the field definition. MODIFY: User can modify the field definition. DELETE: User can delete the field definition. |
|
DATA |
Data rights are not applicable. |
|
|
FILE |
DEF |
USE: User can use the file definition. MODIFY: User can modify the file definition. DELETE: User can delete the file definition. |
|
DATA |
READ: User can read records from the file. ADD: User can add records to the file. CHANGE: User can change records in the file DELETE: User can delete records from the file. |
|
|
PROCESS or FUNCTION |
DEF |
USE: User can use (run) the process/function. MODIFY: User can change the definition. DELETE: User can delete the definition. |
|
DATA |
Data rights are not applicable. |
|
|
PARTITION |
DEF |
USE: User can access the partition. MODIFY: User can change the partition definition. DELETE: User can delete the partition definition. |
|
DATA |
Data rights are not applicable. |
|
|
TEMPLATE |
DEF |
USE: User can use the template. MODIFY: User can change the template definition. DELETE: User can delete the template definition. |
|
DATA |
Data rights are not applicable. |
|
|
SYSTEM VARIABLE |
DEF |
USE: User can use the system variable. MODIFY: User can change the system variable. DELETE: User can delete the system variable. |
|
DATA |
Data rights are not applicable. |
|
|
MULTILINGUAL VARIABLE |
DEF |
USE: User can use the multilingual variable. MODIFY: User can change the multilingual variable. DELETE: User can delete the multilingual variable. |
|
DATA |
Data rights are not applicable. |
|
|
WEBLET |
DEF |
USE: User can use the field definition. MODIFY: User can modify the field definition. DELETE: User can delete the field definition. |
|
DATA |
Data rights are not applicable. |