VA FileMan V. 22.0 Getting Started HTML Manual Banner


Main Chapter Getting Started Manual Programmer Manual

Data Security

Security at the File Level

There are two methods of controlling access to files:

On a particular system only one method is in effect at a particular time. If File Access Security has been installed, it controls file-level security. Otherwise, access is controlled by Access Codes. Obviously, if you are using VA FileMan without Kernel, only Access Code security is possible.

Access Code Security on Files

The Access Code is a string of characters that correspond to functional data access categories. For example, A might correspond to entry/editing of Administrative Data, a lower case a might correspond to viewing of Administrative data, F might correspond to entering or editing of Fiscal data, and f to viewing of Fiscal data.

Typically, you go through a password-checking signon process before using VA FileMan. During signon, you are identified by the system and your Access Code is set. For example, it might be equal to Aaf, if you are identified as someone entitled to view and change Administrative data, but only to view (search and print) Fiscal data. If you lack any such security clearance, the default value of the Access Code entry is simply null.

These Access Codes are used to control access to files in six different ways:

Access Code Description
READ Controls use of the file by Print File Entries, Search File Entries, Inquire to File Entries, Statistics, List File Attributes, and Transfer File Entries (transfer-from file) options.
WRITE Controls use of Enter or Edit File Entries and Transfer File Entries (transfer-to file) options.
DELETE Controls deletion of an entire entry in the Enter or Edit File Entries or the Transfer Entries options.
LAYGO Controls creating a new entry within the Enter or Edit File Entries option. You must have LAYGO as well as WRITE access to a file to add new entries. Additionally, you must have WRITE access on the field level to all required identifiers.
DD Controls use of the Modify File Attributes and Utility Functions (Data Dictionary) options.
AUDIT Controls the setting of auditing characteristics and the deletion of audit trails.

All these controls are based on the value of the Access Code. When you access a file, under any of these options, you will not be allowed to access any file that is protected unless your current Access Code either equals an at-sign ("@") or contains at least one character in common with the protection code string of the file. The at-sign ("@") is generally reserved for use by programmers; it gives programmer access.

Any new file that you create with a code string in your Access Code will automatically be given READ, WRITE, DELETE, LAYGO, and AUDIT Access Codes equal to that code string. To change these codes later, use the Edit File option of the Utility Functions submenu. Be sure when doing so that your own Access Code contains the codes you want to add or equals the at-sign ("@").

File Access Security (Formerly Part 3 of Kernel)

VA FileMan also has the ability to perform a lookup into a user's record and see if a specific file has been assigned. If your Systems Manager has run the special conversion to have access controlled by the ACCESSIBLE FILE Multiple in the NEW PERSON file (#200), then access to a file is not based on an Access Code. Rather, a lookup is done in your record to see if you are allowed access to the file in question. If your VA FileMan Access Code is the at-sign ("@"), you will be allowed access to all files, even if this special conversion has been performed.

Access to files is granted to you by the Systems Manager who uses Kernel's File Access Security system. (See the Kernel manuals for detailed information about File Access Security.)


Reviewed/Updated: March 4, 2007