Setting security levels

Access to your database is controlled by the access levels assigned to tables and groups. When you generate a system catalog, tables are assigned a default access level. When you initialize users and groups, dbcreate or the xfODBC Database Administrator (DBA) program creates default groups (which contain default users) with predefined access levels. After initialization, you can manage access to your database by creating your own groups with appropriate access levels and creating a conversion setup file to customize the access level of your tables.

Important

Without the user and group files (sodbc_user.*, sodbc_group.*), there is no user or password validation when connecting to the database, and all connected users have read‑only access to all database tables. Be sure to generate these files (see Generating the system catalog) and keep them with the other system catalog files.

Understanding access levels for tables and groups

Both tables and groups have access levels, which range from 0 to 255. The access level of a group applies to all users in the group. For users in a group to access a table, that group must have an access level equal to or greater than the table’s access level. Access levels are further defined by odd and even numbers. Even numbers allow read‑only access; odd numbers allow read/write access. This applies to both tables and groups.

Refer to the table below to see how the levels and read/write access of tables and groups interact. Note the following:

When you generate your system catalog, all tables are assigned an access level of 100 (read‑only) by default. You can use a conversion setup file to change table access levels. For information, see Modifying table access levels.

When you initialize users and groups, DBA creates three default users (DBA, DBADMIN, and PUBLIC) and two default groups (SYSTEM and USER). You can use DBADMIN to assign and modify group access levels. We recommend that only the system administrator be assigned to a group with an access level of 254 or higher. For information on how to assign and modify group access levels, see Creating a group.

Important

To update data in a Synergy database, we strongly recommend using a Synergy application that’s designed to efficiently maintain database integrity. If you use an ODBC‑enabled application to write to a Synergy database, you may run into record‑locking issues. For information, see Statements that modify data.