MicroKernel Engine Security Quick Start
This section provides step-by-step instructions on the fastest, easiest way to secure your Btrieve data files in the operating system while still allowing database users to access the data.
When this procedure is complete, you can revoke operating system user rights to the data files without affecting database user rights to access the data through an application.
*Note: You must be logged into the computer where the database engine is installed, as an operating system user with administrative rights or as a user who is a member of the Pervasive_Admin security group.
1
Start PSQL Control Center (PCC). For how to start PCC, see Starting PCC on Windows in PSQL User's Guide.
2
If the database engine you wish to work with is not registered with PCC, register it now. For how to register a database engine, see To register a remote server engine in PSQL User's Guide.
3
Expand the databases for the registered engine (click the expand icon to the left of the node).
4
In PCC, right-click the database DefaultDB, then click Properties.
5
Click Directories then click New.
6
Type a path for the Btrieve files then click Apply.
If your files are spread over many directories, specify a high-level directory that they all have in common. You can specify a root level if necessary, but doing so includes in DefaultDB all Btrieve files at the root level and its subordinate directories. For example, a root level could be C:\ for Windows. See To use an existing database, including the predefined DefaultDB, with your PSQL files in PSQL User's Guide.
You do not need to enter every directory, just the lowest level directory that is common to all Btrieve files you want to include in the database.
7
Enable security on DefaultDB by clicking the Security node on the Properties dialog tree.
8
Click the Database Security tab.
9
Click Enable Security.
10
Type a password that you wish to use for the Master user, twice as prompted. Click OK.
Now security is turned on, but access is based on OS user rights by default, so your users currently have the same access that they had before. The next step addresses this situation.
Note that passwords are limited to a maximum of 8 bytes. You may use any displayable character in a password except for the semicolon (;) and the question mark (?).
11
Click OK to close the Properties dialog.
12
Expand the Groups for DefaultDB (click the expand icon to the left of the node), then right-click the group PUBLIC.
13
Click Properties then Permissions in the tree.
14
Click the Database tab.
15
Click the desired permissions.
For example, if you want to grant read-only rights to all authenticated users, click Select. This option will give all users read-only rights to the data. To give all users update permission, click Update, and so forth.
If you need to grant individual users varying rights, then you must create group accounts (if desired) and individual user accounts using the GRANT statement in SQL or using PCC. For more information, see Security Tasks in PSQL User's Guide.
16
Click OK.
17
Right-click the database DefaultDB, then click Properties.
18
Click Security then click the Btrieve Security tab.
19
Click Mixed then OK.
*Note: Do not change the Btrieve Security policy setting until you have completed step 15 as instructed. If you have not created user accounts or granted rights to the group PUBLIC, changing the security policy will prevent all your users from accessing the data.
You have now granted login access only to those users who are authenticated by the operating system, and you have specified that the access rights of those users are defined by the permissions you granted to them in the database.
20
Secure the data files in the operating system according to your operating system instructions. You can now deny operating system users from having any rights to the data files, without affecting their ability to access the data through the database engine.
*Caution: Be sure to secure the data files in the operating system. If you do not perform this step, the users still can access the files through the operating system with the same level of permissions that they had prior to this procedure. You must revoke the users’ operating system privileges to the data files if you want to prevent users from being able to delete or modify the files directly.