Data Access Control

The teams owning the database mechanisms handle the method of controlling data access. In addition, the following access control features allow you to specify in additional detail what operations a user can carry out on elements in the database. This is known as Data Access Control (DAC).

Note:
To use DAC it must be switched on for the project, otherwise only the teams owning database controls will apply.

With DAC switched on, all general users are prevented from carrying out any operation on any part of the database unless they have specifically been given the necessary access rights. DAC uses the following administration database elements:

• Role defines the type of operations a user can carry out. For example, creating, modifying and deleting elements. Roles are defined as a collection of permissible operations (Perops).

• Scope defines the part of the database in which a user can work.

• Access Control Rights (ACRs) are a combination of a role and a scope. Users can, and usually will, have several ACRs, allowing them to carry out specified operations on specified parts of the database.

When you select a pipe to create a support, the application first checks if it can claim the branch. If it cannot claim the branch, an error message displays. A check is made at branch level because another user can modify the branch while it is being supported. This can compromise the integrity of the model because the user may move the branch leg that is being supported.

If the user can claim the element, a further check is made to see if sufficient access rights are available to create supports.

If the status of the pipe is set to locked or issued, an error message displays summarizing the problem upon creation or modification of a support.