Subject RE: [IBO] Roles & Permissions
Author Paul Vinkenoog
Hi Alan,

> What settings do I have to set to make my
> IB_Queries/Transaction/IB_Connection allow a user/role which does
> not have insert/update/delete rights for tables.
> i.e. I have a role which is trying to be an enquirer role only. No
> editing. Permissions for the role are set to SELECT REFERENCE on
> all tables. When I run the app logged on as this role, I get all my
> queries complaining about not having write access to the table in
> question.
> I've tried all the settings of readonly on queries and transactions
> and prevent editing etc on queries, and request live=false. I still
> can't escape permission exceptions.

This sounds weird.

I've recently made an app where a class of users needs to have
select-only access to certain tables and views. I first created a role
in the db, granted that role SELECT permission where needed, and
had the role granted to some 140 users.

On the IBO side, after some trial and error, I found out that I needed
to:
- set ReadOnly true for the transaction involved;
- set ReadOnly true and RequestLive false for the queries involved.

Other than that, I didn't have to make any non-default settings.
Controls and Grids still have ReadOnly false, queries still have
PreventDeleting, PreventEditing etc. false.

The users log in with their username and the role (the latter is fixed
in the app), and everything works perfectly. There are four queries in
a cascading master-detail relationship and they can browse to their
heart's content :-)

All this is just to let you know that it _should_ work and you don't
need any black magic to make it work.

As to why it doesn't work in your app, just a couple of wild guesses:

- do you have any explicit EditSQL, DeleteSQL etc. in one or more
queries?

- do you have any KeySource-Lookup relation?


BTW you only need to grant REFERENCE if you want the grantee to be
able to create FKs that refer to the table in question.


Hope this helps,

Paul Vinkenoog
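
The database side of the setup described in this message, as an added example that is not part of the original post: a select-only role plus an audit query confirming it holds nothing beyond SELECT. It assumes a Firebird or InterBase database; ENQUIRER, CUSTOMERS, ORDERS and ALAN are hypothetical names.

```sql
-- Added illustration; ENQUIRER, CUSTOMERS, ORDERS and ALAN are hypothetical names.

-- 1. Create the role and grant it SELECT only (no REFERENCES, no write privileges).
CREATE ROLE ENQUIRER;
GRANT SELECT ON CUSTOMERS TO ENQUIRER;
GRANT SELECT ON ORDERS TO ENQUIRER;

-- 2. Grant the role to each user. The role's privileges apply only to
--    connections that name the role at login.
GRANT ENQUIRER TO ALAN;
COMMIT;

-- 3. Audit: list every privilege the role holds other than SELECT.
--    RDB$PRIVILEGE codes: S=select, I=insert, U=update, D=delete, R=references.
--    An empty result means the role is select-only.
SELECT p.RDB$RELATION_NAME, p.RDB$PRIVILEGE, p.RDB$GRANTOR
FROM RDB$USER_PRIVILEGES p
WHERE p.RDB$USER = 'ENQUIRER'
  AND p.RDB$PRIVILEGE <> 'S'
ORDER BY p.RDB$RELATION_NAME, p.RDB$PRIVILEGE;

-- 4. For each row step 3 reports, revoke the extra privilege, for example
--    a REFERENCES grant the role does not need:
-- REVOKE REFERENCES ON CUSTOMERS FROM ENQUIRER;
-- COMMIT;

-- 5. Audit: list who has been granted the role (membership rows carry 'M').
SELECT p.RDB$USER, p.RDB$GRANTOR
FROM RDB$USER_PRIVILEGES p
WHERE p.RDB$RELATION_NAME = 'ENQUIRER'
  AND p.RDB$PRIVILEGE = 'M'
ORDER BY p.RDB$USER;
```

Table owners and SYSDBA are not limited by role grants, so run any access test as an ordinary user connected with the role.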