Common implementations for user permissions

This topic lists commonly asked questions about security and permissions, as well as their answers.

How to prevent unknown users from connecting to a database

User permissions must be enabled (Implement users and permissions in this database option selected in the Users and Permissions dialog is a prerequisite).

To allow only known users or user groups to connect to the database, the following steps must be carried out by an administrator or a database owner:

1. Open Administrator.
2. Ensure no database windows are currently open and select Users and Permissions from the Database menu.
3. The Users and Permissions dialog is displayed.
4. Select the Only explicitly defined users can connect to this database option.

If we take the above screenshot as an example, all the users listed in the Users: list and all the members of the workgroups listed in the Users: list (area inside the red outline border) can connect to the database. If an unauthorised user attempts to connect to the database, the following message will be issued:

How to prevent users from changing database-wide settings

It is possible to only permit users with the database owner role to change global settings (e.g., set remote roots, modify user flags, change weather feed configuration, change IWLive Pro Server configuration, etc). 

User permissions must be enabled (Implement users and permissions in this database option selected in the Users and Permissions dialog is a prerequisite).

The following steps must be carried out by an administrator or a database owner:

1. Open Administrator.
2. Ensure no database windows are currently open and select Users and Permissions from the Database menu.
3. The Users and Permissions dialog is displayed.
4. Select the Only database owners can change database-wide settings option.

In the screenshot below, the only users with the database owner role are conradp and all users belonging to the [GeminiAstronauts] (Gemini Group) user group. These are the only users who will be able to change database-wide settings.

How to implement IWLive Pro Permissions

It is possible to control access to various parts of IWLive Pro by implementing IWLive Pro Permissions.

General permissions must be implemented (Implement users and permissions in this database option selected in the Users and Permissions dialog is a prerequisite) before IWLive Pro permissions can be implemented.

To implement restriction on the access of IWLive Pro, the following steps must be carried out by an administrator or a database owner:

1. Open Administrator.
2. Ensure no database windows are currently open and select IWLive Pro Permissions from the Database menu.
3. The IWLive Pro Permissions dialog is displayed.
4. Select the Implement IWLive Pro permissions in this database option.
5. Assign permissions to the listed users and user groups. The permissions are described in the IWLive Pro Permissions dialog topic.

In the screenshot above, conradp is a database owner who can connect to the database when running the IWLive Pro Administrator, IWLive Pro Operator (including the Operator advanced functions) but who has no access to the IWLive Pro Server service. Armstrongn is a database user having access to the database when running the IWLive Pro Administrator and the IWLive Pro Operator (including advanced functions), and to the IWLive Pro Server service. All the users from the [ApolloAstronauts] (Apollo Group) workgroup are database users who can connect to the database when using IWLive Pro Operator and will have access to basic functions only. All the users from the [GeminiAstronauts] (Gemini Group) workgroup are database owners and can connect to the database when using IWLive Pro Administrator and Operator (basic functions only).

How to prevent users from connecting to InfoWorks WS Plus

It is possible to only permit users with the database owner role to connect to InfoWorks WS Plus:

User permissions must be enabled (Implement users and permissions in this database option selected in the Users and Permissions dialog is a prerequisite).

The following steps must be carried out by an administrator or a database owner:

1. Open Administrator.
2. Select Users and Permissions from the Database menu.
3. The Users and Permissions dialog is displayed.
4. Give particular users and user groups the database owner role by ticking the corresponding check boxes:



5. Click OK to save the changes and close the dialog.
6. Select IWLive Pro Permissions from the Database menu
7. The IWLive Pro Permissions dialog is displayed.
8. Ensure the Implement IWLive Pro permissions in this database option is enabled.
9. Enable the Only database owners can connect to InfoWorks WS Plus option.
10. Click OK to save the changes and close the dialog.

In the above scenario, only the users that are listed with the database owner role (as indicated by ‘*’ in both dialogs, conradp in our example) or the users that are members of the groups listed with the database owner role ([GeminiAstronauts] (Gemini Group) in our example) may connect to InfoWorks WS Plus. If an unauthorised user attempts to connect to InfoWorks WS Plus, the following message will be displayed: