Group Service (GRP) Security

Security in the Group Service (GRP) is enforced by the CygNet Access Control Service (ACS). As with other CygNet services, security is set on an Application and Event basis. The application name of the GRP service is defined in the service configuration file.

The security events are listed in the GRP Events table below.

Security for the GRP service is administered by the Access Control Service (ACS). As with other CygNet services, security is set on an application and event basis. The application name of the GRP service is defined in the service configuration file using the keyword ACS_APPLICATION. The default is "GRP." The security events are listed in the GRP Events table below.

The following tables provide details about GRP service security settings. See also Security.

Service Application Name	Main Security Event	Component-Level Security	Subject to Application Override
GRP (name defined in service configuration file)	ACCESS (name defined in service configuration file)	Yes, node record and node navigation	No

Service Application Name

Main Security Event

Component-Level Security

Subject to Application Override

GRP (name defined in service configuration file)

ACCESS (name defined in service configuration file)

Yes, node record and node navigation

GRP Events

The following table provides details on all security event types for GRP. See Authorization Levels for an explanation of access levels in the ACS.

Event	Event Description	Authorization Level *	Task
ACCESS	Service content management Note: To edit or delete a node, you must be able to navigate to the node. This requires at least Level 1 authorization for the node’s NAVIGATE Event. If you have Level 5 authorization for the ACCESS Event navigation authorization is not required.	0-None	View list of nodes in the service
1-Read	View the properties of a node
2-Update	Edit a node
3-Add	Add nodes to the service
4-Delete	Delete a node
5-Admin	Full permission for all service Events (except ODBC) regardless of the authorization for those Events
NAVIGATE*	Navigate to nodes Note: You must have at least Level 1 (read) authorization for the node’s ACCESS Event to navigate to the node.	0-None	View list of nodes in the service
1-Read	Navigate to a node
2-Update	Inclusive
3-Add	Inclusive
4-Delete	Inclusive
5-Admin	Inclusive
ODBC	Access service records from an ODBC-compliant application	0-None	None
1-Read	View records in the service
2-Update	Edit existing records
3-Add	Add records
4-Delete	Delete records
5-Admin	Inclusive
SVCINFO	Miscellaneous GenServe security management Note: The SVCINFO event allows changes to log settings and use of the GlobalFunctions method SetGenserveInfo without requiring higher privileges on other actions. Other tasks are listed at right.	0-None	None
1-Read	Change queue translations This event is used by DBS services to avoid full replication resyncs after failovers.
5-Admin	Permission level required to perform the following tasks: Give ConfigFileManager remote access to service configuration files Change log settings Change audit levels Perform on-demand backups Change DBS and VHS disk cache minimum and maximum sizes Request an activation check

Event

Event Description

Authorization Level *

Task

ACCESS

Service content management

Note: To edit or delete a node, you must be able to navigate to the node. This requires at least Level 1 authorization for the node’s NAVIGATE Event.

If you have Level 5 authorization for the ACCESS Event navigation authorization is not required.

0-None

View list of nodes in the service

1-Read

View the properties of a node

2-Update

Edit a node

3-Add

Add nodes to the service

4-Delete

Delete a node

5-Admin

Full permission for all service Events (except ODBC) regardless of the authorization for those Events

NAVIGATE*

Navigate to nodes

Note: You must have at least Level 1 (read) authorization for the node’s ACCESS Event to navigate to the node.

0-None

View list of nodes in the service

1-Read

Navigate to a node

2-Update

Inclusive

3-Add

Inclusive

4-Delete

Inclusive

5-Admin

Inclusive

ODBC

Access service records from an ODBC-compliant application

0-None

None

1-Read

View records in the service

2-Update

Edit existing records

3-Add

Add records

4-Delete

Delete records

5-Admin

Inclusive

SVCINFO

Miscellaneous GenServe security management

Note: The SVCINFO event allows changes to log settings and use of the GlobalFunctions method SetGenserveInfo without requiring higher privileges on other actions. Other tasks are listed at right.

0-None

None

1-Read

Change queue translations

This event is used by DBS services to avoid full replication resyncs after failovers.

5-Admin

Permission level required to perform the following tasks:

Give ConfigFileManager remote access to service configuration files
Change log settings
Change audit levels
Perform on-demand backups
Change DBS and VHS disk cache minimum and maximum sizes
Request an activation check

*Default name. Event name can be changed in the service configuration file.