Locking Mechanism
The internal locking mechanism of the RDBMS prevents two or more users from writing to the same data simultaneously. However, requires an additional locking mechanism to enforce some engineering rules. This is done to prevent simultaneous access by more than one user to the same item or related data. For example, when User A is updating a spec sheet, the system prevents User B from updating the same spec sheet or from modifying the same instrument tag number from the Instrument Index module. Another example is when User A is making changes to a cable. The system prevents User B from modifying the cable, its sets, and its wires. Furthermore, if the wires are connected to a terminal, User B cannot access the panels, strips and terminals to which these wires are connected. In this case, neither can User B access panels, strips and terminals associated with these wires by propagation from a device panel.
We implemented this locking in the multi-user RDBMS using stored procedures.
On Oracle, the locking is done using the statements select ... from ... where ... for update nowait.
On SQL Server, a locking table exists on which each locked item has a record. This record will have been created when the transaction is completed.
Users
Every user logs on to using a name and a password. The software records user logon name and password (whether encrypted or not) in the INTOOLS_USER table.
Two types of users are registered in the database server:
-
System Administrator (SA) — This user has privileges of the database System Administrator. These privileges allow the System Administrator to create database schemas, tables, and other database objects. The System Administrator is responsible for setting up the general security definitions, such as password encryption, password expiration, whether user names are required to be unique, and how responds to users who log on with incorrect passwords.
-
user — This user has privileges limited to mainly connected schemas including some minimal rights in the Admin schema. Domain Administrator is a user who has privileges to grant access rights for user groups and perform various administration activities.
Windows Authentication Logon Method
The System Administrator can enable the user to log on to using the Windows authentication logon method. Windows authentication logon method allows the software to create users automatically and assign them to existing groups as soon as these users start . For more information, see Windows Authentication Logon Method in the Administration Help. The following is an example of a Windows authentication logon format:
Windows domain\Windows user name
In this example, the Windows user name corresponds to the name of user's computer.
User Access Rights
Domain Administrator assigns users to groups and grants access rights for each group. When assigning a user to a group, the software associates this user automatically with the appropriate domain. A group can contain one or more users and a user can belong to more than one group.
User definitions and user access rights only apply to application activities and access to items. User definitions and user access rights do not apply to database access or database schema logon name and password.