Subject Roles & Permissions
Author Alan McDonald
You've got your applciation running fine. It has the ability to add users to
teh security databaase and assign roles to this user. There is a role
created with grant all on all tables and SP's etc such that many people can
be granted that role and all action in the application work fine thus far.
Now, someone wants a new role created whereby members of this new role have
quite restricted access to certain areas.
So you create the new role, you grant the restricted access (what you think
you need) to this new role and grant the role to a new user.

Now when you startup the application logging on as a user of this new role,
you are met with all the Queries you have running requiring all permissions!

Question: Is it also necessary, application startup, or when each query is
opened, to set the e.g. readonly property to true (if that is the
restriction)? It appears that even if you are just browseing the queries
without actually editing anything, IBO is asking the server for update
Where is the "normal" place to do this - is there a well known strategy for
adjusting your IBO query settings to match the expected role of the user
logging on?