Security Glossary

 

Field Name or Term

Description

Advanced button Allows the addition or deletion of system defined Security Role Advanced Function record/s for a security role. Not able to update person records.

Base Table

The database table from which a security view is created.

Basic Menu

See System Menu

Calendar Category Restriction

Defines the access of a user to data related to specific Calendar Categories. A user must first have been assigned a role which permits access to Calendar Category related data. If the role has been assigned the restriction object for Calendar Category restriction, the user will be restricted to data related to those Calendar Categories recorded as their Calendar Category restrictions. For example, a user with Calendar Category Restrictions of TEACHING and EXAM would be able to view data associated with all Calendar Categories but would only be able to modify Calendar Category related data belonging to TEACHING and EXAM Categories. Access can be further refined by selecting the Update, Insert and/or Delete check boxes for each recorded Calendar Category. The user's ability to modify data would then be confined to the selected functions (Update, Insert etc.) for the Calendar Category. If no Calendar Category Restrictions are defined, the user will have no restrictions and will be able to access all Calendar Categories.

DBA

Database administrator - a computing professional who manages the complete operation of a database management system.

Grant

Grants are a mechanism used to give users privileges to work with system objects and data.

Object

A logical structure defined within the Oracle database. An object has a name, a standard representation and a standard collection of operations that affect it. Tables, views and procedures are objects.

Organisational Unit Restriction

Defines the access of a user to data related to specific Organisational Units. A user must first have been assigned a role which permits access to Organisational Unit related data. If the role has been assigned the restriction object for Organisational Unit restriction then the user will be restricted to data related to those Organisational Units recorded as their Organisational Unit restrictions. For example, a user with an Organisational Unit restriction of Faculty of Management would only be able to view Organisational Unit related data associated with this faculty. Users may have any number of Organisational Unit restrictions. If no Organisational Unit restrictions are defined, the user will not have access to any Organisational Unit related data.

Restriction

A grant which limits the set of data a user can view and the operations they can perform on the data.

Restriction Object

A name used to group the security views applicable to a particular security restriction. A restriction object relates to a specific restriction table. Restriction objects are defined by the restriction table to which they apply and the security views which are defined as being available to them.

Restriction Table

A database table which records the restricted access of users to particular data items. A different restriction table is used for restricting access to data from each different database table. The naming convention which has been adopted for the naming of restriction tables is that each restriction table should have the same name as the database table to which access is being restricted, with the addition of the suffix '_r'. For example, to restrict the access of users to certain Calendar Categories, a user restriction table (sys_cal_cat_r) based on the Calendar Category table (sys_cal_cat) is created. This is illustrated below.

CAL_CAT

USERNAME

TEACHING

peterxx

TEACHING

asmith

DEET

asmith

This restriction table would ensure that user 'peterxx' is only able to access data relating to 'Teaching Calendars', while user 'asmith' is only able to access data relating to 'Teaching and deet Calendars'.

Security Role

The primary means of controlling the access which users have to the System. Security roles are analagous to staffing functions in that a security role can be set up to provide the access which a person carrying out a particular function requires to be able to perform that function. The same person would be excluded from access to areas of the System not defined by the security role assigned to them. A person may have more than one role assigned to them, recognising that the person may have cross functional responsibilities.

Security View

Used where a user is to be restricted to a sub-set of data within the role(s) assigned to them. The actual views are created by the System designers and the data to be viewed is defined in a restriction table. The restriction table is created through forms such as Maintain Calendar Category Restrictions (where data to be accessed is restricted to certain Calendar Categories) and Maintain Organisational Unit Restrictions (where data to be accessed is restricted to certain Organisational Units).

Standard Menu

See System Menu

System Menu

Also called Standard or Basic Menu, describes the menus displayed on logging in to the System. These menus allow navigation to other menus, forms and jobs within the System.

Table

A database object that holds data.

View

A database object that presents a customised slice of a table or a collection of tables. Unlike a table, a view contains no data, just an SQL query. The data retrieved by this query is presented like a table so that it can be worked on as if it were a table.

Zoom

The ability to navigate directly from a current form to another form by selecting the target form from a list under the current form's menu bar zoom option.

Zoom Menu

One of the items appearing in the menu bar above each form. When selected, a list of forms is displayed, enabling direct navigation to these forms.

 

Last Modified on 7 July, 2005