Subject | RE: [IBO] Handling user permissions |
---|---|
Author | Kaputnik |
Post date | 2001-11-21T09:10:53Z |
What I am currently doing:
All Users have to log in with a role.
I have views and SP's defined on the system tables to get the rights of
the Role for a table, and grant read of the view to all users.
My Datamodules are derived from a base-class, which will loop through
all available queries upon creation, parse the SQLFrom Clause, lookup
the table and the current user's role in the database and set the
preventXXX/RequestLive Property properly.
AFTER this operation the queries can be opened.
This is a pretty fast thing, as the query for the rights is a
parameterized query, the lookups run fast, looping with RTTI is also
pretty fast (not more than 15 queries per data module), and the query
gets closed again after the onCreate, and the lookup-query runs in a
separate transaction, of course.
I have one stored procedure which traverses all available rights
(S,I,U,D) from separate rows into columns of one row and joins the result
with the System-Tables for Rights and Tables in a view. Pretty
straight-forward and works like a charm.
Your mileage may vary, as my application is pretty generic and I can
derive my forms and datamodules from common base classes, all users MUST
log on with a role, and all Functionality is run by MD-Relationships, so
I seldom have specialities in my queries. All Joins and other things
are put into SP's or Views so queries always point to one destination,
which can be parsed and assigned in my loop.
CU,
Nick Josipovic
BIT Institute
Prof. Dr. Franz Steffens
University of Mannheim
T: ++49 621 181 1621
M: ++49 179 133 44 16
S: ++49 621 181 1622
F: ++49 621 181 1618
nick.josipovic@...
> -----Original Message-----
> From: mirco@... [mailto:mirco@...]
> Sent: Wednesday, November 21, 2001 9:55 AM
> To: IBObjects@yahoogroups.com
> Subject: [IBO] Handling user permissions
>
> I am writing an application that provides access for different kinds
> of users. Accordingly, I have set up different users with different
> permissions in the database.
>
> Running my Delphi application based on IBO now causes a problem if
> the user does not have insert/update rights on a table.
> As the customer would like to maintain the users and rights on his
> own, the user interface needs to somehow detect what the currently
> logged-in user is allowed to do.
>
> Suppose the user opens a window to display and edit the result
> of a query. If the user has write permissions to the table, the query
> should be read/write, if not, read-only.
>
> I tried to setup a query with appropriate update/insert/delete
> statements and (as expected) it works for a user with all
> permissions.
> For the read-only user however, opening the query fails, because IBO
> tries a prepare for the update/insert/delete which does not work.
>
> Is there a way to properly handle this? What I would like to do is
> tell IBO to ignore the update/insert/del statements if they fail to
> prepare. Currently, the error is caught by the database connection's
> error method, which displays a message box.
>
> Thank you for any suggestions
>
> Mirco
>
>
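A sketch of the rights lookup described in the reply above, as an added example that is not the poster's own code. It assumes a current Firebird server (the pivot uses CASE in a view rather than the stored procedure the post mentions); the view name `ROLE_TABLE_RIGHTS` and its column names are hypothetical, and the view is narrowed to the caller's own role so that granting it to everyone does not expose other roles' privileges.

```sql
-- Added example: view and column names are hypothetical, not from the post.
-- One row per table for the role of the current connection, with the
-- S/I/U/D grants pivoted from separate rows into columns.
CREATE VIEW ROLE_TABLE_RIGHTS
  (ROLE_NAME, TABLE_NAME, CAN_SELECT, CAN_INSERT, CAN_UPDATE, CAN_DELETE)
AS
SELECT
  p.RDB$USER,
  p.RDB$RELATION_NAME,
  MAX(CASE WHEN p.RDB$PRIVILEGE = 'S' THEN 1 ELSE 0 END),
  MAX(CASE WHEN p.RDB$PRIVILEGE = 'I' THEN 1 ELSE 0 END),
  MAX(CASE WHEN p.RDB$PRIVILEGE = 'U' THEN 1 ELSE 0 END),
  MAX(CASE WHEN p.RDB$PRIVILEGE = 'D' THEN 1 ELSE 0 END)
FROM RDB$USER_PRIVILEGES p
WHERE p.RDB$USER_TYPE = 13           -- grantee is a role
  AND p.RDB$USER = CURRENT_ROLE      -- only the role of this connection
  AND p.RDB$OBJECT_TYPE IN (0, 1)    -- grants on tables and views
  AND p.RDB$FIELD_NAME IS NULL       -- whole-table grants; column-level
                                     -- UPDATE grants are not reflected
GROUP BY p.RDB$USER, p.RDB$RELATION_NAME;

-- Users read the view, not the system tables behind it.
GRANT SELECT ON ROLE_TABLE_RIGHTS TO PUBLIC;

-- Parameterized lookup, run once per query before it is opened.
-- :TABLE_NAME is the name parsed from the FROM clause, in upper case
-- unless the table was created with a quoted identifier.
-- No row returned means the role holds no grant on that table, so the
-- client should treat the query as read-only (or not open it at all).
-- Grants made to PUBLIC or directly to the user are not covered here.
SELECT CAN_SELECT, CAN_INSERT, CAN_UPDATE, CAN_DELETE
FROM ROLE_TABLE_RIGHTS
WHERE TABLE_NAME = :TABLE_NAME;
```

The flags returned here only decide what the client offers in the user interface; the server's own GRANT checks remain the enforcement point, so a wrong or stale lookup result cannot widen what the role can actually do.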