By default all tags use the GLOBAL user account. This account is the default
account that is used to access all system resources. Upon installing SteelArrow,
the administrator is prompted to decide which tags will be available to the GLOBAL
user account. After SteelArrow is installed, the adminsitrator may use the SAConfig
or supplied SteelArrow scripts to configure user accounts.
Each of the above listed tags can be associated with a username/password pair.
When this is done, and the tag is not already available to the GLOBAL user, the
USERCONTEXT tag must be used to gain
access to the tag.
As an example, the READFILE tag may be
disabled at the GLOBAL level, but may be required within an administration
script for access to a data file. A user account has been setup as admin/123
that has access to the READFILE tag.
The following shows an example of this implementation:
<!--- Put this script into the admin context --->
<SAUSERCONTEXT USERNAME="admin" PASSWORD="123">
<!--- File accessed --->
<SAREADFILE FILE="config.dat" NAME=cfgData>
</SAUSERCONTEXT>
<!--- End admin context --->
As well, tags such as READFILE,
WRITEFILE and
IMPORT will not allow absolute path names.
Absolute path names can be accessed using the FILE
tag. This gives the administrator full control over what resources can be accessed
by a particular user, and allows the adminsitrator the ability to offer access to
data files that the user should have access to without jeopardizing system
integrity.
By only allowing relative path access to data files SteelArrow makes certain that
only files within the script directory (or its sub-directories) can be accessed. As
well, SteelArrow does not allow the use of '..' (parent directory) specifiers when
these tags are used.
If there is a requirement to access resources ouside of the script directory as
described above, a FUNCTION can be created
in the system wide functions.aro file. By creating a function that does a specific
task (ie. copying a file with the FILE tag) the
administrrator can maintain complete security without limitting a user.
Note: The functions.aro file is read in when SteelArrow is started, and is
only accessible to the system administrator. Within this file, functions can be
defined as required, that are available to all users.
|