GemStone Programming Guide
7.1 How GemStone Security Works
GemStone provides security at several levels:
• Login authorization keeps unauthorized users from gaining access to the
repository;
• Privileges limit the ability to execute special methods affecting the basic
functioning of the system (for example, the methods that reclaim storage
space); and
• Object-level security allows specific groups of users access to individual
objects in the repository.
Login Authorization
You log into GemStone through any of the interfaces provided: GemBuilder for
Smalltalk, GemBuilder for Java, Topaz, or the C interface (see the appropriate
interface manual for details). Whichever interface you use, GemStone requires the
presentation of a user ID (a name or some other identifying string) and a password.
If the user ID and password pair match the user ID and password pair of someone
authorized to use the system, GemStone permits interaction to proceed; if not,
GemStone severs the logical connection.
The GemStone system administrator, or someone with equivalent privileges (see
below), establishes your user ID and password when he or she creates your
UserProfile. The GemStone system administrator can also configure a GemStone
system to monitor failures to log in, and to note the attempts in the Stone log file
after a certain number of failures have occurred within a specified period of time.
A system can also be configured to disable a user account after a certain number
of failed attempts to log into the system through that account. See the GemStone
System Administration Guide for details.
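
A minimal model of the two controls described above (logging after a number of failures within a time period, and disabling an account after a number of failures), added here as an illustration and not GemStone code. The threshold names, the per-user-ID window and the reset of the failure count on a successful login are assumptions of this sketch.

```python
import hmac
from collections import defaultdict, deque

# Hypothetical thresholds for this sketch (not GemStone configuration names).
LOG_LIMIT = 3       # failures inside LOG_WINDOW that trigger a log entry
LOG_WINDOW = 60     # seconds
DISABLE_LIMIT = 5   # failures on one account before it is disabled

class LoginMonitor:
    def __init__(self, accounts):
        self.accounts = dict(accounts)     # user ID -> password (constructed sample data)
        self.window = defaultdict(deque)   # user ID -> timestamps of recent failures
        self.failures = defaultdict(int)   # user ID -> failures since last success (assumption)
        self.disabled = set()
        self.log = []                      # stands in for the Stone log file

    def login(self, now, user_id, password):
        """Return True if the session proceeds, False if the connection is severed."""
        expected = self.accounts.get(user_id)
        ok = (expected is not None and user_id not in self.disabled
              and hmac.compare_digest(expected.encode(), password.encode()))
        if ok:
            self.failures[user_id] = 0
            return True
        self._record_failure(now, user_id)
        return False

    def _record_failure(self, now, user_id):
        recent = self.window[user_id]
        recent.append(now)
        while recent and now - recent[0] > LOG_WINDOW:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= LOG_LIMIT:
            self.log.append((now, user_id, f"{len(recent)} failed logins in {LOG_WINDOW}s"))
        if user_id in self.accounts:
            self.failures[user_id] += 1
            if self.failures[user_id] >= DISABLE_LIMIT:
                self.disabled.add(user_id)

def replay(events, accounts):
    monitor = LoginMonitor(accounts)       # fresh state for each replay
    results = [monitor.login(*event) for event in events]
    return monitor, results

# Constructed sample events: (timestamp in seconds, user ID, password presented).
ACCOUNTS = {"alice": "correct-horse", "bob": "s3cret"}
EVENTS = [(0, "alice", "x"), (100, "alice", "y"), (200, "alice", "z"),
          (300, "bob", "a"), (310, "bob", "b"), (320, "bob", "c"),
          (330, "bob", "d"), (340, "bob", "e"), (350, "bob", "s3cret"),
          (400, "alice", "correct-horse")]
```

In the sample, the failures spaced 100 seconds apart never reach the windowed log threshold but still count toward the disable limit, which is why the two settings are worth configuring together.
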
The UserProfile
Each instance of UserProfile is created by the system administrator. The
UserProfile is stored with all other UserProfiles in a set called AllUsers.
The UserProfile contains:
• Your UserID and Password.
• A SymbolList (the list of symbols, or objects, that the user has access to:
UserGlobals, Globals, and Published) for resolving symbols when compiling.
Chapter 3, “Resolving Names and Sharing Objects,” discusses these topics, so
they are not covered in this chapter.
GemStone Systems, Inc.
December 2001