HP 3000 Manuals HP 3000 Manuals
D : How the Data Dictionary is Configured The bulk of the tasks you can perform with the Administrator Utility are those that allow you to configure the data dictionary. You define: * Tables. The data that can be accessed. * Users. How specific PC users can use Information Access. * Security. Which part of the data can be accessed by which users. These three groups of tasks are summarized below. You will learn how to do them in Lesson 2. Menu Structure The Administrator Utility is menu-driven. It consists of: * Menus, from which you choose where to go next. * Data entry screens, where you type information. * Display screens, where you get help or examine definitions. The menus and screens are organized in a hierarchy defined by levels of operation. Figure 1-3 shows the relationship between the first few menu levels. Additional menus and all data entry and display screens are accessible from these menu "branches." There's also a quick way to get to specific screens without stepping through the entire menu path. When you first learn the Administrator Utility, use the menu path and keep Figure 1-3 in mind to help you understand how the utility is organized. (You'll use both methods in these lessons.) The summaries below tell you which menu branch or branches you'll use for that group of tasks.Figure 1-3. Administrator Utility Menu Path Table Configuration Configuring tables for Information Access involves four steps: 1. Configure remote HP 3000 systems if you have remote HP 3000s one node way from the host HP 3000. 2. Configure the data sources that Access Server can access on the host HP 3000 or remote HP 3000s. 3. Configure IMAGE or file tables by drawing items from one dataset or file into a relational table format. 4. Configure view tables by combining items from one or more previously configured tables into one relational table format. This feature allows you to draw information together from several databases or files that reside on one or more HP 3000s. The tables discussed here are configured tables, which differ from saved tables: Configured table. Either an IMAGE table, a file table, or a view table. A configured table is actually a table definition that establishes how the data is arranged when it is loaded into the table. The data is loaded when you access the table, so you always get the most current data. Configured tables are defined by the DBA. They are accessible by all users. Saved table. Contains historical data (that is, a snapshot of the data at the time the table was saved). A saved table is associated with the PC user who saved it and appears on that user's Remote Tables screen labeled Saved. It cannot be accessed by other PC users unless the Host Batch Facility RELEASE_TABLE command is used to let other PC users access that particular table. Step 1: Configuring Remote HP 3000 Systems. If a data source (database or file) from which you want to draw data resides on a remote HP 3000, define that remote system. Use the screens that branch from the HP 3000 Systems Menu. The host system need not be defined. Step 2: Configuring Host and Remote Data Sources. Configure the data sources from which you want to draw data. Data sources can include host or remote databases or files. Use the screens that branch from the Data Sources Menu to define the source of your data. Figure 1-4 pictures a system which has been configured for two remote HP`3000 systems:Figure 1-4. Configuring Data Sources In this example, four IMAGE databases are configured, two on the host HP`3000 and one each on the remote systems. One file is configured on the host HP`3000. Step 3: Configuring Tables from a Data Source. Next, you reach into the databases and files you configured (in Step`2) and, for each dataset or file you're interested in, you define one or more IMAGE or file tables. You can specify which items to include in each table. Each item you choose will become a column head in the table. Use the screens that branch from the Table Menu to configure tables from individual datasets or files in any of the configured databases or files. These screens are used only to handle configured tables. To handle saved tables, use the screens that branch from the System Status Main Menu.
NOTE The examples that follow will be derived from IMAGE tables only, so you can learn about the table configuring process in its simplest form. File tables are derived in a similar way.
Figure 1-5 pictures the same system as in Figure 1-4, with Step 3 completed for IMAGE tables only:Figure 1-5. Configuring IMAGE Tables In this example, four IMAGE tables are configured, named TABLE1 through TABLE4: * TABLE1 comes from a dataset in database DB1. * TABLE2 comes from a dataset in database DB2, and so on. In Figure 1-5, the databases from which these tables come are no longer shown, nor are the HP 3000s on which the databases reside. For purposes of data definition, this information is no longer of concern. From this point on, the data is handled in table form. When Tables Are Accessed. The definition of each table is stored in the Information Access data dictionary, but the tables themselves will not actually be loaded with data until requested through Access PC or through the Host Batch Facility. A table will be saved on the host HP 3000 as historical data (a "saved table") only when requested from a PC or through the Host Batch Facility. From the information gathered on the Configuration Worksheets during the planning stage, you know that some users would like to draw information together into a different view of the data than these IMAGE tables provide. So at this point, you can define the structure of some view tables to do just that. Step 4: Configuring View Tables. You use simple relational operators to draw items from already configured tables into a view table format. The tables from which the items are drawn can be any combination of previously configured tables. Use the screens that branch from the Table Menu to configure view tables that provide different views of your data. Figure 1-6 pictures the final stage of table definition:Figure 1-6. Configuring View Tables In this example: * TABLE5 is a view table which includes items from IMAGE tables TABLE1 and TABLE2. * TABLE6 is a view table which includes items from view table TABLE5 and IMAGE table TABLE3. * TABLE7 is a view table which includes a subset of items from IMAGE table TABLE4. The distinction between IMAGE tables and view tables is something most of your users don't need to be concerned about. In their view of things, TABLE1 through TABLE7 are "remote tables" accessible through Access PC. Only users who are members of access groups with special capabilities (refer to "User Configuration," below) need to understand how view tables differ from other kinds of tables. User Configuration Configuring users of Information Access involves two steps: 1. Configure access groups to name a set of users who need to see the same tables and items, and perform the same level of actions (see, add, and/or delete configured information). 2. Configure valid users, assign them to an access group, and define their use of host system resources. Users are assigned to one and only one access group. The only differences between users in an access group are their saved-table capabilities, MPE priority, and whether or not they are defined as a DBA. If you want to give one user a different level of access to configured table data, create a separate access group for that user. Saved table access is not controlled by the access group to which a user belongs. A saved table is available only to the user who created it, unless the Host Batch Facility RELEASE_TABLE command is used to permit additional access to that table by a specified user (who can be a member of any access group). Here's an example of the commands you'd use to release a saved table to two users: RELEASE_TABLE savedtable1 user3 RELEASE_TABLE savedtable1 user7 Step 1: Configuring Access Groups. Think of an access group as a set of users (one or more) who will want to see and work with the same configured tables. The access group will be used to specify which tables and items the set of users will be able to see when you define security. Each access group has an assigned capability level. All users can see the tables and items associated with their access group by configured security. You can also assign an access group the capability to add IMAGE databases and tables and to delete any configured tables associated with their access group. Use the screens that branch from the Access Group Menu to configure access groups and control user capabilities. After you've configured some access groups, your Information Access Server environment might look like this:Figure 1-7. Configuring Access Groups In this figure, four access groups, GROUP1 through GROUP4, have been defined. At this point, no users belong to the access groups. Step 2: Configuring Users. Users are identified by a name and optional password, which are checked when a PC user requests remote tables. You can set limits on a user's use of host HP 3000 system resources (saved tables, disc space, and MPE priority). If you are the primary DBA, you can also make the user a secondary DBA. Use the screens that branch from the User Menu to define who will be able to use Access Server and what system resources they can use. Once users are added, the system looks like this:Figure 1-8. Configuring Users In this figure, users USER1 through USER9 are defined. Each is assigned to one of the four access groups previously defined. Users are placed together in an access group because they need to see the same data. Next you'll see how to assign access groups to configured tables. Security Configuration IMAGE uses database passwords and user classes to control user views of IMAGE databases. In a similar way, Information Access controls user views of its data by assigning access groups to specified tables and items. Defining security for Information Access data involves assigning an access group to the tables and items its users will be allowed to see: 1. Configure table security by assigning one or more access groups to a table. This makes the table accessible only by users in those access groups. 2. Configure item security by assigning one or more access groups to an item in a table. This makes the item accessible only by users in those access groups. Since a secured item is only accessible if the access group associated with it can see the table containing the item, you must coordinate item security with table security. Public Tables and Items. Public Tables and Items. Tables with no access groups assigned to them are called public tables and are accessible by all users. If no access group is assigned to an item, it will be accessible to all users who can access the table containing that item. If you add security to an item in a public table, then only users in the access group assigned to the item will be able to see that item. Other users will see the rest of the table. There is no need to add table security before adding item security. What you want to avoid, however, is unintentionally creating a public table or a public item by removing the single access group assigned to the table or item. In such cases, if you are the primary DBA, you might want to make Information Access unavailable to your PC users (using the UDC command DISABLEAC) while you make your changes in security.
NOTE Access Server provides a default user capability. This allows any unconfigured user who has a session on the host HP 3000 to look at configured tables using Access PC. If you allow default user capability, then public tables will be accessible by users you have not configured (limited, of course, by the MPE security of the default user's logon). Keep this in mind when you decide what sort of security to put in place and whether or not you want to allow default users into Access Server. (See "Default Users" in Chapter 7, "Configuring Users," in the Information Access Server: Database Administration manual.)
Step 1: Providing Security for Configured Tables. An access group assigned to a table can be thought of as "owning" that table. Use screens that branch from the Table Security Menu to assign an access group (or groups) to a configured table. Here is what your system might look like after table security is assigned to seven tables, specifying previously defined access groups and tables:Figure 1-9. Configuring Table Security * GROUP1 is assigned to TABLE1 and TABLE2. * GROUP2 is assigned to TABLE4 and TABLE5. * GROUP3 is assigned to TABLE6. * GROUP4 is assigned to TABLE5 and TABLE7. Here is the effect of these assignments: * Because TABLE3 has no access groups assigned to it, it is owned by everyone in common and is therefore known as a public table. Users in all access groups will be able to access TABLE3. (Default users will only be able to access TABLE3.) * Think of any table with one access group assigned to it, for example TABLE4, as a solely-owned table. Only users in GROUP2 will have access to TABLE4. * Think of any table with more than one access group assigned to it, for example TABLE5, as a jointly-owned table. Users in GROUP2 and GROUP4 will have access to TABLE5. This is not to say that the views of a jointly-owned table such as TABLE5 will necessarily be the same, however. If you add item security to TABLE5, as described next, users in GROUP2 may see a different set of columns than users in GROUP4. Step 2: Providing Security for Items in Configured Tables. An access group assigned to an item can be thought of as "owning" that item. Use the screens that branch from the Item Security Menu to assign an access group to an item in a configured table. Here, for example, is TABLE5 with item security assigned:Figure 1-10. Configuring Item Security * TABLE5 contains four items, ITEM1 through ITEM4, each of which is a column head in the table. * But the fourth column (ITEM4) contains sensitive information, perhaps salary figures, which you only want USER2 and USER3 to see. So you assign their access group GROUP2 to ITEM4 in TABLE5. Here is the effect of these assignments: * When users in GROUP4 access TABLE5, they'll see a three-column table, with column heads ITEM1, ITEM2, and ITEM3. * But when users in GROUP2 access TABLE5, they'll see the full four-column table, with ITEM1 through ITEM4 as column heads. Step 3: Letting PC Users Into Information Access. At this point, all of your security is in place. If you made Access Server unavailable to PC users, you can now make it available again. You do this by running ADMIN.PPC.SYS with PARM=1 (or by using the UDC command ENABLEAC). If USER3, USER6, and USER9 each ran Access PC and went to the Remote Tables screen, here's what they'd see:Figure 1-11. How Security Affects What PC Users See Given the table security and item security you have in place: * USER3 sees the public table TABLE3 and the two tables (TABLE4 and TABLE5) to which GROUP2 is assigned. * USER6 sees the public table TABLE3 and the one table (TABLE6) to which GROUP3 is assigned. * USER9 sees the public table TABLE3 and the two tables (TABLE5 and TABLE7) to which GROUP4 is assigned. Because of the item security on TABLE5, USER3 sees four columns in TABLE5, but USER9 sees only three columns. At this point, you should have a fairly good overview of Access Server. Now that you have completed this lesson, you're ready to perform an actual configuration. Lesson 2 will guide you through it.
![[]](../../pic3k/M012040/FFN73c50.gif)
![[]](../../pic3k/M012040/FFN83c50.gif)
![[]](../../pic3k/M012040/FFN93c50.gif)
![[]](../../pic3k/M012040/FFN103c50.gif)
![[]](../../pic3k/M012040/FFN113c50.gif)
![[]](../../pic3k/M012040/FFN123c50.gif)
![[]](../../pic3k/M012040/FFN133c50.gif)
![[]](../../pic3k/M012040/FFN143c50.gif)
![[]](../../pic3k/M012040/FFN153c50.gif)