| Subject | Re: [ib-support] ROLES / LOGIN , control access to GUI user |
|---|---|
| Author | wayne |
| Post date | 2002-11-16T17:48:37Z |
Thanks Helen,
...
I will have to read more on the topic ,, but I think you made it pretty
Clear.
Helen Borrie wrote:
...
I will have to read more on the topic ,, but I think you made it pretty
Clear.
Helen Borrie wrote:
> At 12:56 PM 16-11-02 +0200, you wrote:
>
>>I have to control access to various parts of my program.
>>How does one do this ? ...
>>
>>Could one use ROLES / USER / PASSWORD logins to
>>restrict access to the GUI ?
>
>
> No. The database and the database server don't even know about your
> application.
>
>
>
>>What will happen if a USER logs in with a ROLE that is not assigened to
>>the user?
>
>
> Unless the user is SYSDBA, it has no rights on the server except to create
> a database. If the (non-SYSDBA) user creates a database, that user will be
> the Owner of the database and of any objects which that user creates. The
> server doesn't know about ROLES - these are specific to the database in
> which they are created.
>
> Any user on the server can log in to any database on the server but, except
> for the Owner and SYSDBA, that user will not be able to see or do anything
> unless it is given privileges to specific objects.
>
>
>>My guess is that an Excpetion will be thrown if data is
>>accessed that is not assigned to that role.
>
>
> Data is not assigned to a role. A role is granted specific privileges (or
> ALL privileges) to a specific object. This happens inside the database,
> not at server level.
>
>
>
>>What will hapen if a USER logs in via a ROLE that is not assigned to
>>that USER ? How does one prevent this ?
>
>
> Here's how it works. You create a role in the database. Next, you grant
> some privileges to that role for some data objects. Next, you grant that
> role to a user. After that, the user will have the privileges of that
> role. So don't grant a role to a user that you don't want to have the
> privileges of that role.
>
>
>
>>Most of the Buttons in my applciation is controled via an ActionList so
>>base apon the ROLE I could disable/enable the appropriate Actions.
>>Can this be done, How does one determine the ROLE that is assinged to
>>the USER ?
>
>
> That's not quite how it works. ROLE and USER apply to database
> privileges: they are not "aware" of your application at all. If your
> application accesses a database object for which the role and/or user which
> were used to connect the application to the db do not have the appropriate
> privileges, a database exception will occur.
>
> However, your *application* is aware of the role and user that are
> connected; and a connection can only involve one role and one user; so
> you could easily devise ways for your app code to use these connection
> attributes to condition things like whether a button is enabled, etc., and
> pre-empt permissions errors.
>
>
>
>>How does one use ROLES to control access, or is it not
>>intended for such use ?
>
>
> It is exactly intended to control access to database objects. It sounds as
> if you need to study this a bit...see the ibdocs and look for some papers
> at www.ibphoenix.com
>
> One way you can use SQL privileges is to create views or sel. SPs that
> provide a restricted view of a table or group of tables and grant
> permissions to roles or users to those, while withholding permissions for
> the underlying tables.
>
> heLen
>
>
>
> To unsubscribe from this group, send an email to:
> ib-support-unsubscribe@egroups.com
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
>