All Cradle users have a read-write access mode by default, and as such can create and modify information in their project databases, subject only to Cradle’s security and access control mechanisms such as privileges, classifications, skills, user types and so on.
There are no dedicated read-only user accounts in Cradle. However, there is a mechanism to specify which user accounts should be read-only and which should be read-write for a specified project.
This mechanism might be useful in protecting the consumption of your read-write connections.
Cradle User Control File (UCF)
Cradle contains a cradle_users file that is stored in the admin directory of your Cradle installation. This file allows your System Administrator to control the access mode that a user has for specified projects.
The file allows you to specify the Cradle username, the project code and the access mode separated by a space or tab characters:
Cradle-Username Project-Code Access-Mode
where:
- Cradle-Username – is the Cradle username to be controlled, in uppercase or lowercase, and at most 40 characters
- Project-Code – the project in which the username is defined, specified in uppercase or lowercase, and at most 4 characters
- Access-Mode – the access mode to be assigned whenever anyone logs in to the specified project with the specified username, as:
- R – the username is always to be read-only
- W – the username is always to be read-write
The entries in this file override any -ro or -rw command line options to Cradle tools.
This file is empty by default, so all users would have the ability to connect to databases read-write unless specified otherwise.