ibobjects - Re: [IBO] IB User-security with IBO

Subject	Re: [IBO] IB User-security with IBO
Author	Dmitry Beloshistov
Post date	2001-08-02T13:26:23Z

----- Original Message -----
From: "Martijn Hoedeman" <m.hoedeman@...>
To: <IBObjects@yahoogroups.com>
Sent: Thursday, August 02, 2001 3:45 PM
Subject: [IBO] IB User-security with IBO

> Hi all,
>
> One small detail which I couldn't find either in IBO or in the
newsgroup-archive, is the handling of user-security.
>
> Say a certain user only has read-access(Or no access whatsoever) to a
IB-table while others have full access.
> What would be a good way to check & handle this on the client-side?
>
> One method would be to read the database yourself (RDB$USER_PRIVILEGES I
think it is) but then you would have to do this with almost every screen and
it just feels like a waste of resource.
>
> When I started I (wrongly) assumed that IBO would check the current rights
in the database and adjust the controls accordingly. In case of the user
with only read-access the components would not switch to edit-mode. But when
I use a TIB_Query to access the table (And generate the Insert/Update/Delete
SQL) it raises exceptions in case of too little rights.
>
> I just have the feeling that there is an easier way to handle/access
IB-rights on the client using IBO*
>
> Any help / Pointers welcome
> Cheers
> Martijn Hoedeman

You may use Stored Procedure on server as:

CREATE PROCEDURE CHECK_GRANTS(TABLENAME varchar(31), GRANTNAME char(1))
RETURNS (ISGRANTED integer)
AS
BEGIN
select COUNT(*) from rdb$user_privileges
WHERE RDB$USER=USER and RDB$RELATION_NAME=:TABLENAME
and RDB$PRIVILEGE=:GRANTNAME
INTO :ISGRANTED
SUSPEND;
END

and in source (Delphi, client side) :

Function CheckGrant(TableName:String;GrantName:Char):boolean;
........
with IB_Query1 do
begin
close; sql.clear;
sql.add('select * from CHECK_GRANTS(?TableName,?GrantName)');
Prepare;
ParamValues['TableName']:=TableName;
ParamValues['GrantName']:=GrantName;
ExecSQL;
if FieldByName('ISGRANTED').AsInteger>0 then Result:=True
else Result:=False;
Close;
end;
..........

Procedure UpDateTable;
begin
if not CheckGrant('GRANTEDTABLE','U') then //<--------------- check
for UPDATE grants
raise Exception.Create('You are not have rights for UPDATE table
GRANTEDTABLE!!!');
......
// work with table
.....
end;

WBR, Dmitry Beloshistov AKA [-=BDS=-]
e-mail: torin@...