A security scheme import file is a text file that can contain leading comment lines and a series of [GROUP] 'folds'. A 'fold' is a set of lines preceded by a line of "{{{ 'fold title'" and terminated by a line of "}}}". By convention, these files have a .SEC file extension. The default security scheme can be seen in the configs folder and provides comprehensive examples.
The syntax of the fold title is one of:
•[GROUP] GroupNumber [IS] GroupName
•[GROUP] GroupNumber [DO]
•[GROUP] ALL
When GroupNumber is in the range 2..30 it identifies the group being defined. When GroupNumber is ALL, the settings in the fold are applied to all groups (2..30). Group 1 (the quickSOFT group) cannot be changed. When the [IS] option is present, the GroupName is the name to give the group and its description is reset (so the group fold contents define it completely). When the [DO] option is present, the existing group name and description are preserved.
The contents of the fold define the access privileges available to the group. Only groups whose access is beyond the 'raw' defaults need be defined. Only groups the logged-in user is a member of can be changed, and only things the user has access to can be changed.
Attempts to change things the user has no access to are (silently) ignored.
The 'raw' defaults are:
•(1) quickSOFT: everything
•(2) Agent: everything
•(3) System Admin: everything
•(4..30) Others: nothing
The fold can contain group description lines followed by any number of 'include' and 'exclude' lines. Facilities can be included/excluded at various levels:
•SYSTEM - refers to everything in the system
•MODULE - refers to everything in a module
•PROCESS - refers to a menu runnable process (ASP)
•FILE - refers to a file (ASD)
•FIELD - refers to a field (ASF)
•DEFAULT - refers to a default (VDS)
•WIZARD - refers to a wizard (DRH)
•MENU - refers to a menu (BMN)
The include/exclude lines are processed in the order they are encountered. The possible line types and their syntax/semantics are:
EXCLUDE_SYSTEM:flags | All group bits in all ASD, ASF, ASP, BMN, VDS and DRH records are turned off as directed by the flags.
INCLUDE_MODULE:xx{,xx} | xx{,xx} is a comma-separated list of module IDs. All ASD, ASF, ASP, BMN, VDS and DRH records for the modules identified are turned on.
EXCLUDE_MODULE:xx{,xx} | xx{,xx} is a comma-separated list of module IDs. All ASD, ASF, ASP, BMN, VDS and DRH records for the modules identified are turned off.
INCLUDE_PROCESS:p{,p} | p{,p} is a comma-separated list of menu runnable processes. All identified ASP records are turned on.
EXCLUDE_PROCESS:p{,p} | p{,p} is a comma-separated list of menu runnable processes. All identified ASP records are turned off.
INCLUDE_DEFAULT:d{,d} | d{,d} is a comma-separated list of system default names. All identified defaults are turned on.
EXCLUDE_DEFAULT:d{,d} | d{,d} is a comma-separated list of system default names. All identified defaults are turned off.
INCLUDE_WIZARD:w{,w} | w{,w} is a comma-separated list of wizard names. All identified wizards are turned on.
EXCLUDE_WIZARD:w{,w} | w{,w} is a comma-separated list of wizard names. All identified wizards are turned off.
INCLUDE_FILES:tla{,tla} | tla{,tla} is a comma-separated list of file privileges. All identified ASD records for the identified access are turned on.
EXCLUDE_FILES:tla{,tla} | tla{,tla} is a comma-separated list of file privileges. All identified ASD records for the identified access are turned off.
INCLUDE_FIELD:name{,name} | name{,name} is a comma-separated list of field privileges. All identified ASF records for the identified access are turned on.
EXCLUDE_FIELD:name{,name} | name{,name} is a comma-separated list of field privileges. All identified ASF records for the identified access are turned off.
INCLUDE_MENU:m{,m} | m{,m} is a comma-separated list of menu names. All identified BMN records are turned on.
EXCLUDE_MENU:m{,m} | m{,m} is a comma-separated list of menu names. All identified BMN records are turned off.
The flags syntax is: [P][F][S][V][D][W][M] | P=processes, F=files (full access), S=files (select only), V=fields, D=defaults, W=wizards, M=menus. If flags is not present, PFVDWM is assumed (i.e. all present); if present, they control what is to be included/excluded.
The module ID syntax is: xx([P][F][S][V][D][W][M]) | The xx is the two-letter module mnemonic. The letters in []'s have the same meaning as the flags (above). xx==xx()==xx(PFVDWM)
The tla syntax is: tla([S][C][I][D]) | The tla is the three-letter file mnemonic. S=select, C=change, I=insert, D=delete. tla==tla()==tla(SCID)
The field name syntax is: name([V][E][#]) | V=view, E=edit, #=level (0..9). name==name()==name(VE0)
Note: The import file is read via the ZB source file scanning system. This provides an 'include' capability. Lines beginning !#INCLUDE and !#SECTION implement this and are recognised by ZB. Thus these lines can appear anywhere in the script. See the Import File Include Sections for details.
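An added example, not part of the original documentation or the product's own code: a small Python reader for reviewing a .SEC file before import. It splits the file into folds, keeps each fold's include/exclude lines in processing order, and expands the documented shorthands. It assumes the title keywords are written GROUP/IS/DO with or without the brackets, skips !# lines instead of resolving them, and uses constructed module, file and field names in SAMPLE.

```python
import re
# Assumption: title keywords are written GROUP/IS/DO, with or without the brackets.
TITLE = re.compile(r"\{\{\{\s*\[?GROUP\]?\s+(ALL|\d+)(?:\s+\[?(IS|DO)\]?\s*(.*))?$")
LINE = re.compile(r"(EXCLUDE_SYSTEM|(?:IN|EX)CLUDE_(?:MODULE|PROCESS|DEFAULT|WIZARD|FILES|FIELD|MENU))(?::(.*))?$")
ITEM = re.compile(r"([^,()]+)(?:\(([^)]*)\))?")
# Page rules: flags absent -> PFVDWM, xx==xx(PFVDWM), tla==tla(SCID), name==name(VE0)
DEFAULTS = {"SYSTEM": "PFVDWM", "MODULE": "PFVDWM", "FILES": "SCID", "FIELD": "VE0"}

def parse_items(kind, arg):
    if kind == "SYSTEM":  # EXCLUDE_SYSTEM takes bare flags, not an item list
        return [("*", arg.strip() or DEFAULTS["SYSTEM"])]
    return [(m[1].strip(), m[2] or DEFAULTS.get(kind, "")) for m in ITEM.finditer(arg) if m[1].strip()]

def parse_sec(text):
    # Returns (folds, problems); rules stay in file order because lines are processed in order.
    folds, problems, cur = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("{{{"):
            m = TITLE.match(line)
            group, mode, name = m.groups() if m else (None, None, None)
            if group is None or (group != "ALL" and not 2 <= int(group) <= 30):
                problems.append((n, "fold title must be GROUP 2..30 or GROUP ALL"))
            cur = {"group": group, "mode": mode, "name": (name or "").strip(), "desc": [], "rules": []}
            folds.append(cur)
        elif line.startswith("}}}"):
            cur = None
        elif cur is not None and line and not line.startswith("!#"):
            m = LINE.match(line)
            if m:
                verb, kind = m.group(1).split("_", 1)
                cur["rules"].append((verb, kind, parse_items(kind, m.group(2) or "")))
            elif re.match(r"(IN|EX)CLUDE_", line):
                problems.append((n, "unknown line type: " + line.split(":")[0]))
            else:
                cur["desc"].append(line)  # group description line
    return folds, problems

# Constructed sample: module, file and field names are made up for illustration.
SAMPLE = """{{{ GROUP 5 IS Sales
Sales desk staff
EXCLUDE_SYSTEM:
INCLUDE_MODULE:SO,AR(PF)
INCLUDE_FILES:CUS(S),INV()
INCLUDE_FIELD:credit_limit(V),price
EXCLUDE_FILE:CUS(D)
}}}
{{{ GROUP 1 DO
}}}"""
```

Running `parse_sec(SAMPLE)` reports the misspelled `EXCLUDE_FILE` line and the fold that targets group 1, both of which would otherwise leave the intended restriction unapplied without any visible error.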