Blob Storage Services (BSS and APPS) Security

Security for the BSS and APPS services is administered by the Access Control Service (ACS). As with other CygNet services, security is set on an application and event basis. The application name of the BSS and APS services is defined in the service configuration file using the keyword ACS_APPLICATION. The default is "BSS" and "APPS" respectively. The security events are listed in the BSS Events table below.

The following tables provide details about BSS and APPS security settings. See also Security.

Service Application Name	Main Security Event	Component-Level Security	Subject to Application Override
BSS and APPS (name defined in service configuration files)	ACCESS (name defined in service configuration files)	Yes (file and file groups) See Component-Level Security.	No

Service Application Name

Main Security Event

Component-Level Security

Subject to Application Override

BSS and APPS (name defined in service configuration files)

ACCESS (name defined in service configuration files)

Yes (file and file groups)

See Component-Level Security.

BSS Events

Event	Event Description	Authorization	Tasks
ACCESS	Service content management	0-None	View list of files in the service
		1-Read	View BSS file properties. Open a file (for example, Studio file)
		2-Update	Edit the BSS properties of a file Update the contents of a file Download files Replace files
		3-Add	Add (upload) files
		4-Delete	Delete files
		5-Admin	Full permission for all service Events (except ODBC) regardless of the authorization for those Events
ODBC	Access service records from an ODBC-compliant application	0-None	None
		1-Read	View records in the service
		2-Update	Edit existing records
		3-Add	Add records
		4-Delete	Delete records
		5-Admin	Inclusive
SVCINFO	Miscellaneous GenServe security management Note: The SVCINFO event allows changes to log settings and use of the GlobalFunctions method SetGenserveInfo without requiring higher privileges on other actions. Other tasks are listed at right.	0-None	None
		1-Read	Change queue translations This event is used by DBS services to avoid full replication resyncs after failovers.
		5-Admin	Permission level required to perform the following tasks: Give ConfigFileManager remote access to service configuration files Change log settings Change audit levels Perform on-demand backups Change DBS and VHS disk cache minimum and maximum sizes Request an activation check Trigger an APPS file load (used by CHostUpdater)

BSS and APPS Component-Level Security