Managing access control lists (ACL) over database objects
The Access permissions on objects option allows the administrator to create, modify, or delete a security group or access control list (ACL) and manage privileges for database objects. This option provides the following choices:
* Create
Choose Create to define a new group. In New group, specify the group name and provide a description, as shown in Figure 1‑9. Choose OK to add the group to the list of current groups.
Figure 1‑9 Creating a group
* Create As
In Current groups, select an existing group, then choose Create As to define a new group containing the settings, including the name, description, and list of data objects specified for the existing group. Create As copies the settings defined for the existing group to the new group definition. In Create As, specify the group name and provide a description, as shown in Figure 1‑10.
Figure 1‑10 Using Create As to create a group
* Modify
In Current groups, select an existing group, then choose Modify to change the settings specified for that group. In Updating group, update the group name or description and grant access to database objects by choosing All, None, or Custom.
In the list of data objects, choosing All grants full access to objects in the database. Choosing None, the default setting, denies access to all database objects. Choose Custom to specify limited access to individual database tables and columns, as shown in Figure 1‑11. Choose OK to update the group.
Figure 1‑11 Modifying an existing group
* Delete
In Current groups, select an existing group, then choose Delete to remove the group from the list of current groups. In Deleting group, the name, description, and list of data objects appear, as shown in Figure 1‑12. Choose OK to confirm deleting the group from the list of current groups.
Figure 1‑12 Deleting a group
* Show Access List
Choose Show Access List and, optionally, select Include users, to show the list of groups and associated users with data object privileges in a separate viewer, as shown in Figure 1‑13. This list provides the administrator with quick access to the list of data object privileges defined for each group and user in the BIRT Analytics system. The viewer displays columns to which a group or user has no access in red. Close the viewer after reviewing the information.
Figure 1‑13 Viewing the group access list