On Thursday 14 November 2002 20:14, you wrote:

Hi,

> I'm curious about the use of role based security for applications like this
> rather than name based.

Its more of a database thing than a Java thing.

Basically you create Roles in Firebird, and then you can grant
read/write/execute rights to a Role, then you can 'grant' a user to a role
and the user inherites all the Roles rights.

For instance, in our current system, we have 4 Roles

DBA - full access to everything, and rights to alter metadata etc.
ADMIN - full read/write/execute access to all the tables/procedures
USER - read/write/execute access to a subset of tables/procedures
REPORTER - read only access to a few tables and views.

Then as new users are added to the system they are 'assigned' to the most
appropriate role.

As users can be 'assigned' to more than one role, a lot of people use it to
subdivide security across a larger system, so user 'Joe' my belong to the
BILLING and INVIOCING roles, 'fred' belongs to BILLING and CRM roles etc.

The most annoying thing about roles is you have to provide it during
'connection' with your username and password, and there is no such thing as a
default role, so you have to know what Role you want to log in as before you
log in, if you know where I am comming from <g>

Phil

--
Linux 2.4.4-4GB
11:12pm up 30 days, 22:54, 1 user, load average: 0.29, 0.17, 0.10