Hi Ken,
In MvBase, the Account Definition item has 2 ways of restricting write
access:
1. The account itself - i.e. everything inside it can have restrictive
Privilege codes such as SYS0, SYS1, SYS2, etc., which can be used in a
Q-Pointer for specific user to restrict read, write, and so on.
2. The L/RET and L/UPD (the clue is in the name) must match the L/RET
and/or the L/UPD attributes in the user access definition item, else access
and/or Updates simply don't work for that user.
It's all in the manuals somewhere, and works at Account, User, and File
(both Data and Dicts) levels. Else write some code to restrict particular
items with Port, User, Date, Time, and so on restrictions.
For System commands, look up CREATE-ACCOUNT, it's all in there :-)
Have Fun,
Merry
--
+44 (0)7774212819
07774212819
https://www.linkedin.com/in/merryplayerhttps://www.merryplayer.com
Original Message:
Sent: 9/30/2022 7:21:00 AM
From: Kenneth Cibelli
Subject: restricting write access
Hi, all. I used to work for a Rocket UniData client who was able to restrict permissions on production in such a way that for designated production logins, it was not possible to write to disc. One could use the editor, but not file the record; no compiles or catalogs; no file creation; etc. Is there a documented way of setting up this feature? [It has obvious implications for SOX compliance.]
------------------------------
Ken Cibelli
developer
Rocket Forum Shared Account
------------------------------