This topic takes a hypothetical example of a multi-department company, and implements a number of security strategies from within the MultiValue environment.
Stage 1: Defining the Departments
In this example, each department of the company is assigned a two-character code when setting up the respective accounts for each department. Note that certain users within each department might have differing access levels (in this case, 0 being lowest, and 3 being highest). Thus, there would be a need for multiple accounts within each department.
These account codes might be as follows:
|
Department |
Code |
Access Level(s) in Dept. |
|
Administration |
AD |
0-3 |
|
Accounting |
AC |
0-3 |
|
Engineering |
EN |
0-3 |
|
Information Technology |
IT |
0-3 |
|
Manufacturing |
MF |
0-3 |
|
Material Control |
MC |
0-3 |
|
Quality |
QA |
0-3 |
|
Sales |
SL |
0-3 |
|
Service |
SR |
0-3 |
Thus, each department actually has four account codes, one for each of the respective access levels (e.g., the Administration department has accounts AD0 through AD3, with the AD3 account having the highest access level within the Administration department).
Stage 2: Creating the Accounts
Once the desired account names have been planned, the multiple accounts for each department must be created.
During creation of each account (using the CREATE-ACCOUNT command), establish the following three account definition parameters:
A password (line 7 of the account definition items)
Update and retrieval codes (lines 5-6 of the account definition items)
D codes (lines 5-6 of the account definition items)
Defining the System File (D & Q) Items
SYSTEM D-pointers are created using the CREATE-ACCOUNT command. SYSTEM Q-pointers are typically created with the ED command. See the Guide to mvBase Files and Accounts for additional information about these commands. Once created, these D or Q-pointers are modified by using the ED command, which modifies lines 5 and 6.
|
Account Name |
Password |
Code |
Value |
|
ADM_mgr |
aaaaa |
Retrieval (5) |
AD0]AD1]AD2]AD3 |
|
Update (6) |
AD0]AD1]AD2]AD3 |
||
|
DM_staff |
aaaaa |
Retrieval (5) |
AD0 |
|
Update (6) |
AD0 |
||
|
IT_name |
aaaaa |
Retrieval (5) |
AD0]AD1]AD2]AD3 AC0]AC1]AC2]AC3 EN0]AN1]EN2]EN3 IT0]IT1]IT2]IT3 MF0]MF1]MF2]MF3 MC0]MC1]MC2]MC3 QA0]QA1]QA2]QA3 SL0]SL1]SL2]SL3 SR0]SR1]SR2]SR3 |
|
Update (6) |
AD0]AD1]AD2]AD3 AC0]AC1]AC2]AC3 EN0]AN1]EN2]EN3 IT0]IT1]IT2]IT3 MF0]MF1]MF2]MF3 MC0]MC1]MC2]MC3 QA0]QA1]QA2]QA3 SL0]SL1]SL2]SL3 SR0]SR1]SR2]SR3 |
Defining the File (D) Items
File pointers are created with the CREATE-FILE command and modified with the ED command.
|
File Name |
Code |
Value |
|
Employee_Name |
Retrieval (5) |
AD1 |
|
Update (6) |
AD1 |
|
|
Salary |
Retrieval (5) |
AD3 |
|
Update (6) |
AD3 |
See Also
Implementing MultiValue Security
Line 1: Using D Codes in Account Attributes
Lines 5 and 6: Using Retrieval and Update Codes
Line 7: Assigning, Changing and Deleting Account Passwords
Line 8: Using System Privilege Level Codes
Line 9: Using Automatic Logoff
Line 9: Using Account Definition Codes
Line 9: Restricting Access to TCL and Commands