Group Service (GRP) Security

Security for the GRP service is administered by the Access Control Service (ACS). As with other CygNet services, security is set on an application and event basis. The application name of the GRP service is defined in the service configuration file using the keyword ACS_APPLICATION. The default is "GRP." The security events are listed in the GRP Events table below.

The following tables provide details about GRP service security settings. See also Security.

Service Application Name	Main Security Event	Component-Level Security	Subject to Application Override
GRP (name defined in service configuration file)	ACCESS (name defined in service configuration file)	Yes, node record and node navigation	No

Service Application Name

Main Security Event

Component-Level Security

Subject to Application Override

GRP (name defined in service configuration file)

ACCESS (name defined in service configuration file)

Yes, node record and node navigation

GRP Events

The following table provides details on all security event types for GRP. See Authorization Levels for an explanation of access levels in the ACS.

Event	Event Description	Authorization Level *	Task
ACCESS	Service content management Note: To edit or delete a node, you must be able to navigate to the node. This requires at least Level 1 authorization for the node’s NAVIGATE Event. If you have Level 5 authorization for the ACCESS Event navigation authorization is not required.	0-None	View list of nodes in the service
		1-Read	View the properties of a node
		2-Update	Edit a node
		3-Add	Add nodes to the service
		4-Delete	Delete a node
		5-Admin	Full permission for all service Events (except ODBC) regardless of the authorization for those Events
NAVIGATE*	Navigate to nodes Note: You must have at least Level 1 (read) authorization for the node’s ACCESS Event to navigate to the node.	0-None	View list of nodes in the service
		1-Read	Navigate to a node
		2-Update	Inclusive
		3-Add	Inclusive
		4-Delete	Inclusive
		5-Admin	Inclusive
ODBC	Access service records from an ODBC-compliant application	0-None	None
		1-Read	View records in the service
		2-Update	Edit existing records
		3-Add	Add records
		4-Delete	Delete records
		5-Admin	Inclusive
SVCINFO	Miscellaneous GenServe security management Note: The SVCINFO event allows changes to log settings and use of the GlobalFunctions method SetGenserveInfo without requiring higher privileges on other actions. Other tasks are listed at right.	0-None	None
		1-Read	Change queue translations This event is used by DBS services to avoid full replication resyncs after failovers.
		5-Admin	Permission level required to perform the following tasks: Give ConfigFileManager remote access to service configuration files Change log settings Change audit levels Perform on-demand backups Change DBS and VHS disk cache minimum and maximum sizes Request an activation check

*Default name. Event name can be changed in the service configuration file.