Subject RE: [IBO] Roles & Permissions
Author Paul Vinkenoog
Hi Alan,

> (...) I also could not just set the transaction readonly, since I
> wanted another role to have the ability to edit one table in a
> particular way (i.e. one field) so I had to clear the SQL and ensure
> that requestlive was false on all queries, otherwise IBO would
> dynamically create update SQL and prepare that

Some good news here:
Custom SQL is prepared right after the select SQL, i.e. when you
prepare the query.
But automatic delete/insert/update/ SQL is not created and prepared
until the first time you (try to) delete/insert/update something.

So you can leave the queries RequestLive and non-ReadOnly. Provided
there's no custom SQL left, you won't get any privilege errors as long
as the user doesn't try to post any changes (and he won't be able to
even try that if the transaction is ReadOnly).