Kbase P18311: Programmatically restrict a user from performing table CREATE, WRITE, DELETE, DUMP or LOAD activitie
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
10/07/2008 |
|
Status: Unverified
GOAL:
4GL/ABL: How to programmatically restrict a user from performing any CREATE, WRITE, DELETE, DUMP or LOAD database activities?
GOAL:
SQL-89: Can the database restrictions be defined for ODBC clients connecting to Progress Version 8.x databases via the Progress SQL-89 ODBC driver?
FACT(s) (Environment):
All Supported Operating Systems
Progress 8.x
Progress 9.x
OpenEdge 10.x
FIX:
The following code will restrict the user named ReadOnlyUser from performing any CREATE, WRITE, DELETE, DUMP or LOAD activites against of any of the database system or user data tables:
FOR EACH _File WHERE _File-Number LT 32768:
ASSIGN
_File._Can-Create = "!ReadOnlyUser," + _File._Can-Create
_File._Can-Write = "!ReadOnlyUser," + _File._Can-Write
_File._Can-Delete = "!ReadOnlyUser," + _File._Can-Delete
_File._Can-Load = "!ReadOnlyUser," + _File._Can-Load
_File._Can-Dump = "!ReadOnlyUser," + _File._Can-Dump NO-ERROR.
END.
1. The _CAN-DUMP restriction applies to table data and not to data definitions.
2. The NO-ERROR option suppresses error messages generated due to SQL-92 related tables.
3. The above generalized restriction code prevents the ReadOnlyUser from creating a new user to circumvent the imposed restrictions.
4. Since the SQL-89 engine is part of the Progress 4GL engine, the above restrictions also apply for ODBC clients connecting to a Progress Version 8.x database using the Progress SQL-89 ODBC driver.