| Subject | Re: [IBO] IB User-security with IBO |
|---|---|
| Author | Jason Wharton |
| Post date | 2001-08-02T18:41:21Z |
I use SQL Roles for this and my application knows what roles have what
permissions. It's coded twice I suppose you could say.
I consider security on the database to be a fail safe measure to ensure
security not the place where it is designed to be reflected on the client. I
agree it would be a very nice feature of IBO to automatically query the
metadata on permissions and figure it all out for you based on what you have
there but this is more noise on the wire and there are some queries that I
would not be able to do it with.
What I do plan on improving is how IBO responds to exceptions where a user
doesn't have privileges when they attempt to do an operation. I'd rather it
be more smooth. It would be preferable that the option to edit a dataset be
disabled than enabled and as soon as they attempt it an exception is raised.
Or, even worse to have an exception raised when they haven't even attempted
it.
Regards,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com
permissions. It's coded twice I suppose you could say.
I consider security on the database to be a fail safe measure to ensure
security not the place where it is designed to be reflected on the client. I
agree it would be a very nice feature of IBO to automatically query the
metadata on permissions and figure it all out for you based on what you have
there but this is more noise on the wire and there are some queries that I
would not be able to do it with.
What I do plan on improving is how IBO responds to exceptions where a user
doesn't have privileges when they attempt to do an operation. I'd rather it
be more smooth. It would be preferable that the option to edit a dataset be
disabled than enabled and as soon as they attempt it an exception is raised.
Or, even worse to have an exception raised when they haven't even attempted
it.
Regards,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com
----- Original Message -----
From: "Martijn Hoedeman" <m.hoedeman@...>
To: <IBObjects@yahoogroups.com>
Sent: Thursday, August 02, 2001 5:45 AM
Subject: [IBO] IB User-security with IBO
> Hi all,
>
> One small detail which I couldn't find either in IBO or in the
newsgroup-archive, is the handling of user-security.
>
> Say a certain user only has read-access(Or no access whatsoever) to a
IB-table while others have full access.
> What would be a good way to check & handle this on the client-side?
>
> One method would be to read the database yourself (RDB$USER_PRIVILEGES I
think it is) but then you would have to do this with almost every screen and
it just feels like a waste of resource.
>
> When I started I (wrongly) assumed that IBO would check the current rights
in the database and adjust the controls accordingly. In case of the user
with only read-access the components would not switch to edit-mode. But when
I use a TIB_Query to access the table (And generate the Insert/Update/Delete
SQL) it raises exceptions in case of too little rights.
>
> I just have the feeling that there is an easier way to handle/access
IB-rights on the client using IBO*
>
> Any help / Pointers welcome
> Cheers
> Martijn Hoedeman
>
>
>
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>