This section covers how EZ Data Dictionary® handles security concerns, how to setup the databases to address these concerns, what administrative controls might be appropriate and what happens with multiple users.
The ability to view, search and compare metadata about an included database in EZ Data Dictionary® requires no special authority, but simple security policies are easily implemented to define a user’s ability to add or delete databases from the EZDD database, to update the metadata in the EZDD database or to view data from an included database. The user is never able to modify any data in an included database from EZ Data Dictionary®.
Having access to EZ Data Dictionary® gives access only to the metadata for any currently included database. The ability for a user to add a new database to the EZDD database requires that the user have authority to insert records into the EZDD database and have access to the EZDD_Admin module. This operation is typically only accomplished by the EZDD Administrator who has all the necessary permissions.
The ability of a user to go beyond viewing the metadata about the included databases and to modify or update that metadata requires that the user have authority to update the EZDD database itself. This does not in any way give the user any ability to view or modify any actual data in an included database in the EZ Data Dictionary®.
EZ Data Dictionary® provides some capability to view samples of the actual data from an included database or to run SQL against the data in an included database. These functions require that the user is able to supply the correct user code and password to access that included database itself. If the correct user code and password cannot be supplied, the user will not be able to view any data from the included database.
The installation and implementation of the EZDD Database can control whether a user has access to any of the features of EZ Data Dictionary® beyond simple viewing of the metadata of the included databases. In order to add or update included databases, the user must have the appropriate authority in the EZDD database. Also, to modify any of the metadata for the included databases, the user must have the ability to update the EZDD database. These operations are usually only available to the EZDD Administrator.
The default EZDD database that is provided as a demonstration starting database for a user is in Microsoft Access and has no security. This emulates the conditions a user would have when using Microsoft Excel or Word. The EZDD database can be created in SQL Server or Oracle to implement more security, and provide the ability to assign roles to users; for example, to define the EZDD Administrator. There is some additional narrative about the roles in EZ Data Dictionary® in the section about EZDD in Oracle.
EZ Data Dictionary® provides some capability to view samples of the actual data from an included database or to run SQL against the data in an included database. If the included database has any security measures implemented, these functions require that the user is able to supply the correct user code and password to access that database. If security measures exist for the included database and the correct user code and password cannot be supplied, the user will not be able to view any data from the included database.
A logfile will be created whenever the EZDD_Admin module of EZ Data Dictionary® is run. This logfile records information about the functions being accessed and used. it will be named EZDD_ADMIN_LOGFILE.txt and will be placed in the Logfiles folder of the EZDD directory generated at installation. This logfile will be especially useful for debugging any problems that occur during the execution of EZDD_Admin, and will be requested by ICC when any problem is reported.
No logfile will be created when the EZDD_Inquiry module of EZ Data Dictionary® is run.
EZ Data Dictionary® can be concurrently executed by multiple users. The EZDD_Admin module, although typically accessed only by the EZDD Administrator, can be run by up to ten users at one time. If more than one user is running EZDD_Admin, the logfiles will be generated with sequential numbers in the name (eg: EZDD_ADMIN_LOGFILE_1.txt) and a popup will notify the user of the name. The EZDD_Inquiry module can be concurrently accessed by an unlimited number of users.