Customize Your Multi-Tier Security

The following instructions will enable you to provide greater security for your database:

1. List all Domain aliases (aka "ServerTypes") which you pass in your DSN's. For example:

Oracle 8.0.x

2. Use a text editor to open the oplrqb.ini file which resides in the /bin sub-directory of your OpenLink server components installation.

3. Locate [Domain Aliases] and determine how your Domain names are being resolved. For example:

[Domain Aliases]
Oracle 8.0.x = ora80

4. Locate the revised names of your Domain Aliases under [Mapping Rules]. For instance:

[Mapping Rules]
ora80:*:*:*:*:*:* = accept generic_ora80. 

5. Determine which fields need added security. Here is a breakdown:

domain_name:database:user:client_os:machine_id:app_name:operation mode* 

6. Build rules which determine which connection parameters should be accepted or rejected by the Broker. For instance:

ora80:*:scott:*:*:*:* = reject generic_ora80       
//This rule rejects all connection attempts made by user scott               

7. Order each rule properly. For example:

ora80:*:*:*:*:*:* = accept generic_ora80                     
// This first rule permits access to generic_ora80 in all scenarios. 

ora80:*:*:*:*:msaccess:* = reject generic_ora80        
// This second rule is never visited, since the first rule clears all connections. 

ora80:*:*:*:*:msaccess:* = reject generic_ora80       
//This rule screens for and rejects MS Access connections first.   

ora80:*:*:*:*:*:* = accept generic_ora80                     
//Connections not initiated by Access are passed to the second rule which clears all other cases. 

8. Save your changes and exit the file.

9. Restart your Broker.

Note: "operation mode" refers to read only (ro) or read/write (rw) access.