Category: ZIM-X Basics

Because client and server are separate processes (and can even be on different machines) with Zim Server Connectivity, there are some new options for providing security, although the same basic mechanisms are used.

Using ZIM Security

Within Zim, security is provided through a combination of log in user names, passwords, and entity set, relationship, and field level permissions. The following is a summary.

• Entity sets and relationships belong to the user who created them. They each have Read, Add, Change, and Delete permissions assigned for the owner, anyone in the same group as the owner, and anyone else. A user must have the necessary permissions to carry out any given operation. For example, an entity set might have Read, Add, Change, and Delete permissions assigned for the owner. The group might have Read, Add, and Change while everyone else might only have Read permission. This means the owner can do anything to this entity set. Members of the group cannot delete records. Anyone else can only read the entity set. For more information, see Object Permissions.
• Individual fields can have either Read or Read/Write permissions for the owner, group, and everyone else. If a user does not have any permissions for a field, then the field appears as $NULL to that user.
• User names are defined in the Object Dictionary in the Users entity set. The PASSWORD command is used to define passwords and the LOGIN command is used to LOGIN as a specific user. When Zim is started, you are automatically logged in as the user ZIM. By default, this user is defined as a “super user” who has universal permissions for everything. However, the definition of this user may be changed (by updating the contents of the Users entity set).

Zim Server uses the same facilities. When a Zim application connects to Zim Server, a Database Agent process is started to service requests from that application. The CONNECT command can contain a user name and password. If it does, a LOGIN is executed at the server. If a LOGIN is executed for a specific user, then all subsequent requests to the server are executed under that user. Thus any permissions that have been set up at the server are obeyed.

Permissions (which are set using the PERMISSIONS command) are set in the server database using a development version of Zim with that database on the server machine. Permissions cannot be set from a client Zim application.

Using Operating System Security Features

You can use operating system features to provide security as well. Many possibilities here exist here, but the following points provide some guidelines. Since the means of specifying operating system level security varies from one operating system to another, actual operating system commands are specified. Consult your system documentation for more details on setting file permissions.

• From an operating system point of view, it is the Database Agent process that accesses the files that make up the server database. The Database Agent process operates as the user that started the Zim Server process (unless either the Zim Server process or the Database Agent process have the “set userid” attribute. See your operating system documentation for details). The user that the Database Agent process operates as is called its effective user id. This means that, if the Database Agent process receives a request to read from part of the database, its effective user id must have the necessary operating system permissions to read from the associated files. Similarly, if a request to update the database is received, the Database Agent process’ effective userid must be able to write to the associated files. In general, ensure that the Database Agent process’ effective user id has read and write capabilities for all database files as well as any directories in which the database exists.
• The Database Agent process is started by the Zim Server process.  The Zim Server must have the necessary permissions to execute the Database Agent process. However, the Zim Server process does not access the database directly, so it does not require any permissions with respect to the database.

Given the above, here is one scenario of how security could be provided by using operating system facilities:

• In some cases, it might be desirable to make sure that database files can be accessed only through Zim Integrated Server. This ensures that no one can read or update database files unless they are using the server. Therefore, no one can circumvent the security features that have been implemented in your application or that have been implemented at the server using Zim facilities (see above). To do this, a special system user could be created that
• is used to start the Zim Server process (and becomes the effective user id for the Zim Server and Database Agent processes).
• owns the database directory and all files in it and has read/write permissions for all the files and directories.
• is independent of other users so that no other users are able to access the database

Object Permissions

Entity sets, relationships and fields have security permissions that control how they can be accessed. The permissions defined at the remote database are independent of permissions defined at the client. The following chart illustrates the valid relationships.

• At the server, an entity set, Customers, is defined as well as two users, Bob and Carol. Carl can Read, Add, Change or Delete Customers, but Bob can only Read the entity set. Carol has Read/Write permissions for the Salary Field, while Bob has no permissions for this field.
• Customers is also defined in the Zim application at the client end. Two users are defined at the client, Ted and Alice. Ted has permissions to Read Customers and Alice has permission to Read, Add, Change, or Delete. Ted and Alice have Read/Write permissions for Salary.

Read-only fields

Read-only fields are database fields defined by in a table on the database server. The value of a read-only field is always assigned by the server. Such fields are often identity fields or primary keys that serve to uniquely identify a particular row or record in the table. To create a read-only field, set the Required field to the value of RO or ROE. RO and ROE both designate read-only fields. ROE fields are exported by the Export SQL Definitions facility in the Development Center. RO fields are not exported. When a field is defined as read-only, Zim does not generate syntax that assigns a value to this field, even if the language syntax assigns a value or a value is assigned implicitly because a form field name matches the name of the read-only field.

For example, RO is often useful for pseudo-columns that already exist on the server such as “ROWID” in Oracle database tables. If you create a field in a Zim entityset that reside sin an Oracle database with the name ROWID, Oracle always supplies a value for the field. Making it a read-only field in Zim ensures that Zim does not assign a value to it.

A dynamic configuration setting called "block factor" can be used to tune performance. This factor is the number of records retrieved by Zim each time it fetches records from the database. The larger the number, the fewer times Zim has to query the database, and the more time it takes to retrieve a block. So, the number must be adjusted to an appropriate value and not one that is arbitrarily large.

Continue reading “Block Fetching”

The numeric identifier for the directory.

Valid Values

A value in the range 0 to 248 (DEFAULT = 0)

Remarks

Every directory accessed by an application must have a unique DirId.

If you choose a DirId of 0, the internal ID of the directory is set to match the number assigned to the corresponding operating system file (i.e., ZIMnnnn where nnnn is typically a number between 0100 and 9999). Within each application, the internal ID of all application directories accessed at the same time must be unique.

See Also

Foreign

“Foreign” status of a directory. Indicates whether an application directory is accessible from other Zim databases.

Valid Values

As shown in the table below:

The name of an application directory (Directories); otherwise, the one application directory in which the associated object may exist.

Valid Values

An 18-character string, containing a valid object name

Remarks

In Directories:

DirName is the name assigned to the directory.

In other Object Dictionary entity sets:

In any entity set, the principal object’s DirName must match the DirName of its owner.

If DirName is left blank, the object may exist in any number of application directories.

In DDDescriptions, DirName is where the object being described may be found.

In DisplayForms, DirName is where the owner-display of the associated form may be found.

See Also

ConstName, DDObjectName, DDOwnerName, DisplayName, DocName, EntName, FieldName, FormName, MenuName, OwnerName, RelName, RoleName, SetName, UserName, VarName

The one application directory in which the subject application directory may exist.

Valid Values

An 18-character string, containing a valid object name

Remarks

If OwnerDirName is left blank, the associated application directory may be created in any application directory.

A unique identifier assigned by the Development Center.

Valid Values

A 25-character string (DEFAULT = $Null)

Remarks

ObjectKey is a unique identifier assigned by the Zim Development Center if the Object Manager (ZOM) has been enabled. End-users should not modify its value. Refer to the Development Center documentation for more information.

ObjectKey has a defined ListWidth of -1 and is not normally displayed.

Important Notes Before Running Zim 9 Applications

. Existing databases: Existing Zim databases (that is, pre-version 8) cannot be run directly in Zim 9 but must be first converted to Zim 9 (pre-Zim 9 databases contain less information in their data dictionary and will not be properly understood by Zim 9 and will probably result in corruption). You must follow the conversion steps described in Migrating to Zim 9 documentation;

. Zim executables: Zim 9 no longer has ZimMU, ZimRT, ZimRTMU, ZimQRT, ZimQRTMU, ZimPRT and ZimPRTMU;

. Zim architecture: Zim 9 has a Client/Server architecture, with Zim Server being the server and the clients being Zim (for Windows and Unix) or ZimTC (for Windows only). See steps below on how to run Zim 9 applications;

. Release Notes: All Release Notes for Zim 9 must be read in the Zim help file as many changes were introduced in Zim 9. However, all existing applications remain compatible.

. Unix Painter: The Zim 4.2 Painter for Unix is not available in Zim 9 because the file structure in Zim 9 is different than previous versions of Zim.  A new cross-platform Painter is being developed and will be available soon. Until this new painter is released, you can use one of the following options for painting forms on UNIX:

1) Use the 7.x screen painter.

2) Develop your user interface from your previous version of Zim, and when completed, export the forms definitions to Zim 9.x.

. Configuration Files: Configuration files have significantly changed for simplification (there are no more config.zim, config.db, config.srv and config.def) but rather zimconfig.zim (for the database) and zimconfig.srv (for the server). Refer to the section Types of Configuration Files for more information;

. Work Path: Zim 9 changed the way work paths and database paths are handled in a much simpler way (there is no config.zim anymore). Refer to the documentation of zimdb.zim, Work Path and User Name Directory.

Create your zimdb.zim File

Before you do anything in Zim 9, you must create your zimdb.zim file which is a configuration file that tells Zim Server which databases will be processed.

The chapter Zim Databases Configuration File describes all the details concerning the creation of this file. In essence, entries like this one:

22; Example; /usr/zim/example

tell the Zim Server that the database called Example is located in the operating system directory /usr/zim/example and has the number 22.

Create the Basic Zim Server Configuration

Zim Server always read a configuration file called zimconfig.srv to adjust internal structures and parameters in order to accommodate the size of shared memory and related functionality.

Of significant importance in order to start Zim Server, you can address the following parameters:

maximum databases           5          % tells how many databases will be handled
maximum tables             500          % how many tables there are in all databases
maximum users              100          % how many users will be connected to the databases

scatter table entries  100000          % how many blocks users will use simultaneously

scatter table links       50000          % maximum size of a single transaction in blocks

The above numbers are just suggestions for this configuration file. Evidently, Zim Server can be started with default parameters but, depending on the requirements, Zim Server might detect a lack of resources later.

After running your Zim applications for a while, you might need to fine tune Zim Server. This is described in detail in the section titled Performance Tuning.

Start ZimServer

You can now start ZimServer (the chapter ZimServer gives more details on this).

If everything is alright for ZimServer, it will start with a proper message. Otherwise, it will say that there is  an error and the file zimsvlog.zim (located where Zim was installed) will describe what was the problem that prevented Zim Server from starting.

Once Zim Server has started, you can run a Zim session, described in the following steps.

Run your Zim Application in Zim 9

If your Zim application was originally written in a previous version of Zim, this database must have been converted first to Zim 9 in order to be run in Zim 9. See the above notes and how to convert a database in the chapter Migrating to Zim 9.

Normally, a Zim client session does not need any specific configuration because the default configuration is good enough for all Zim applications. However, if you need to configure something very specific for a specific database being handled by Zim Server, you can create a zimconfig.zim file as described in Database Configuration File. One such situations is when the number of Zim directories exceeds the default number of open Zim directories.

On Unix, you always develop and run using the ZIM executable as described in the ZIM documentation.

Both on Windows and Linux you develop your application using the ZIMIDE utility but you run your Zim application using the ZIMQTC executable.

Usually, these commands are enough to run ZIM or ZIMTC:

zimqtc -n example

where example is the name of the database you want to run as provided in zimdb.zim for Zim Server.

Stop Zim Server

Normally, Zim Server can be left running. If needed, refer to Zim Server documentation on how to stop it.

Behavioral Differences Between Zim 7 and Zim 9

Zim 9 was built to behave exactly the same way previous versions of Zim were behaving in terms of the Zim applications perspective. However, small differences may happen in the following circumstances:

a) Zim Windows with AutoSize attribute set to off might present scroll bars if the forms being displayed are bigger than the size of the window. Normally, Zim executables up to Zim 7.11 wouldn’t present the scroll bars. ZimQt Client, on the other hand, follows the Microsoft Windows standards and present the scroll bars.

To solve this situation, you can paint again the form, this time checking the AutoSize attribute.

b) Input and Output Masks in FormFields: if there is either an input or an output masks in FormFields but its length is smaller than the real length of the field, than a FORM DISPLAY will present the masking characters “?” filling the remaining of the field.

We welcome your feedback. Please send any general or specific comments to:

What is Zim?

Zim is a fully integrated, full-stack enterprise software program designed to streamline and enhance business operations. It provides a comprehensive solution that includes database management, user interface design, development tools, and natural language processing capabilities. Zim is built to support the creation and deployment of robust, feature-rich applications tailored to meet specific business needs. Its architecture ensures scalability, performance optimization, and security, making it ideal for mission-critical applications across various industries.

Key Components of Zim

Zim Server

• Efficient Database Management: Handles the creation, maintenance, and management of ZIM databases, ensuring efficient data sharing and transaction processing.
• Client/Server Architecture: Operates in a client/server mode where Zim Server acts as the server, and ZIM or ZIM Thin Client are the clients.
• Cross-Platform Compatibility: Runs on both Windows and various Linux distributions.

User Interface (UI)

• Intuitive Design: Provides a user-friendly interface that simplifies interaction with the system.
• Customizable: Allows for customization to meet specific business needs and preferences.

Fourth Generation Language (4GL)

• Development Support: Integrates a powerful Fourth Generation Language (4GL) to streamline the development process.
• Feature-Rich Applications: Enables the creation of robust, feature-rich applications tailored to business requirements.

Integrated Development Environment (IDE)

• Development Tools: Works alongside ZIM IDE, assisting developers in building and deploying applications efficiently.
• Administrative Utility: Includes tools like ZimExplore for comprehensive administrative functions, such as database creation, user management, and performance monitoring.

Natural Language Processing (NLP)

• User-Friendly Interaction: Leverages natural language processing to allow users to interact with the system using everyday language, making it easier to query databases, manage data, and perform administrative tasks.
• Enhanced Accessibility: Improves accessibility for users, enabling more intuitive and efficient interactions.

Transactions

• Implicit Transactions: Each Zim command that accesses the database (read-only or read/write) is associated with an implicit transaction. Upon command completion, all acquired locks are released, and any database updates are committed. If the command fails (e.g., due to a deadlock), Zim automatically removes partial updates and releases all locks.
• Explicit Transactions: Support database updates involving multiple commands that must be committed or removed as a single “logical unit of work.” Initiated by the transaction command and ended by either endtransaction (commits updates) or quittransaction (cancels updates). If a command within an explicit transaction fails, all partial updates are removed, and all locks are released.

Physical Structure of a Zim Database

• Database Directory: By default, Zim stores all database files, audit files, and document files in one operating system directory, known as the database directory[1].
• Working Directory: Zim stores all working files in a sub-directory of the database directory, named based on the user connected to the database[1]. This can be customized using configuration options in the zimconfig.zim file[1].
• Directory Relationship: Zim directories contain definitions of database objects and are independent of operating system directories[1]. For example, the Zim root directory is stored as a file called zim0001, and each Zim directory has a corresponding operating system directory for compiled programs[1].
• Special Document File Names: Zim recognizes special file names with specific prefixes for documents[1].

Scalability and Performance

• Scalability: Designed to scale with your business needs, handling increasing amounts of data and user interactions efficiently.
• Performance Optimization: Optimized for high performance, ensuring quick response times and efficient data processing.

Security Features

• Data Security: Implements robust security measures to protect sensitive data.
• User Authentication: Supports user authentication and authorization to control access to the database.

Use Cases

• Enterprise Applications: Ideal for developing and running professional, mission-critical applications.
• Multi-User Environments: Suitable for environments where multiple users need to access and interact with the database simultaneously.
• Embedded IoT Systems: Perfect for embedded IoT systems on the edge, providing reliable data management and processing capabilities for connected devices.

Zim is essential for organizations looking to develop and run professional, mission-critical applications by integrating a lean relational database with powerful development tools, a Fourth Generation Language (4GL), natural language processing capabilities, robust transaction support, and a well-structured physical database architecture.