| Subject | Re: [IBO] LiveMode - read this Jason. |
|---|---|
| Author | Jason Wharton |
| Post date | 2001-03-15T15:48:27Z |
Carlos,
I don't get how this works. I agree that I could do some metadata queries to
find out what roles people are using and therefore the permissions but I
think it is a bit of a can of worms to try and automate this all.
A user can also have permissions too that add in above the role they are
using. Do you want me to have to add all this to the schema cache? What if
they want to use stored procedures as the DML statements? It's just too
messy I think...
How does it know which tables are involved with a query to base the
permissions lookup on? Has IBX finally added a parser to figure things out?
I thought Jeff was entirely opposed to doing that. This sounds to me like
Jeff is changing philosophies mid-stream.
With IBO is all someone has to do is provide an OnGetCanModify event handler
and maintain their own security table lookup to return false if someone
doesn't have the correct permissions.
I suppose I could add a property to do this but it seems to me like people
would need some sort of customized behavior to really get it working right
anyway. I believe in adding properties when they can deliver 100% on what
they promise. This just doesn't seem like a possible case here to me. For
certain it isn't a priority, even if people want to boast IBX over IBO here.
FWIW,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com
I don't get how this works. I agree that I could do some metadata queries to
find out what roles people are using and therefore the permissions but I
think it is a bit of a can of worms to try and automate this all.
A user can also have permissions too that add in above the role they are
using. Do you want me to have to add all this to the schema cache? What if
they want to use stored procedures as the DML statements? It's just too
messy I think...
How does it know which tables are involved with a query to base the
permissions lookup on? Has IBX finally added a parser to figure things out?
I thought Jeff was entirely opposed to doing that. This sounds to me like
Jeff is changing philosophies mid-stream.
With IBO is all someone has to do is provide an OnGetCanModify event handler
and maintain their own security table lookup to return false if someone
doesn't have the correct permissions.
I suppose I could add a property to do this but it seems to me like people
would need some sort of customized behavior to really get it working right
anyway. I believe in adding properties when they can deliver 100% on what
they promise. This just doesn't seem like a possible case here to me. For
certain it isn't a priority, even if people want to boast IBX over IBO here.
FWIW,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com
----- Original Message -----
From: "Carlos H. Cantu" <ibo@...>
To: "Jason Wharton" <IBObjects@yahoogroups.com>
Sent: Thursday, March 15, 2001 5:30 AM
Subject: Re: [IBO] LiveMode - read this Jason.
> Remember a previous discussion about this "rights thing" ? Now some IBX
> defenders on my Interbase-BR list are saying that IBX has the answer and
IBO not
> (...zzzzZZZ).
>
> I think something similar would be interesting to IBO people using
ROLES...
> it would make the life easier for them.
>
> From the IBX 4.52 README file :
>
> 2. New Property - IBDatabase, IBQuery, IBTable - LiveMode, public, Set of
TLiveMode, read-only.
>
> Starting in 4.5 IBX should better support Roles. If you have an
InsertSQL, ModifySQL,
> DeleteSQL and RefreshSQL assigned, when the Dataset is prepared the
LiveMode
> property will reflect what permissions were granted by the server.
LiveMode is a set with
> the following possible values
>
> (lmInsert, lmModify, lmDelete, lmRefresh)
>
> So if your user does not have insert privledges then LiveModes would have
> [lmModify, lmDelete, lmRefresh] and CanInsert will return false. IBX will
stop
> you from going into InsertMode if lmInsert is not part of the LiveMode
set.
>
> You can query LiveMode to determine the roles granted, or normally just
let IBX
> handle the stopping of editing, inserting etc. as needed.
>
> []s
>
> Carlos
> WarmBoot Informatica - http://www.warmboot.com.br
> Interbase-BR - http://www.interbase-br.com
>
> >> Is there a property in IBO similar to the new one in IBX "LiveMode"?
>
> JW> I don't know what IBX's "LiveMode" is. Perhaps you could be more
specific
> JW> about what you want?
>
> >> I have the problem that various users have different rights and I use
> >> the same IBOQuery for everyone. So because my iboq component has an
> >> insert_sql it gives an error when a user who does not have rights to
> >> insert opens it... ...although I control access from my app...
>
> JW> IBO has a RequestLive capability which will try and figure out how to
> JW> deliver a live dataset for you. As long as your queries are fairly
simple it
> JW> will usually figure it out. It does not automatically take permissions
into
> JW> consideration. This is a requested feature that I may consider for a
future
> JW> release.
>
> JW> You might like to take a look at using the PreventInserting,
PreventEditing
> JW> and PreventDeleting properties which would allow you to control the
> JW> permissions in your application.
>
> JW> HTH,
> JW> Jason Wharton
> JW> CPS - Mesa AZ
> JW> http://www.ibobjects.com
>
>
>
>
>
>
> JW> Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
>
>
>
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>