Kbase P27190: What is runtime security?
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
11/11/2004 |
|
Status: Verified
GOAL:
What is runtime security?
FIX:
Runtime security will check to see if the user requesting to run a piece of code has permissions to do so. If the user does not have authorized the request will be denied.
To establish run-time security, the developer must set up a permissions table within the database.
The permissions table contains records that specify users who are authorized to run specific procedures. Each record in the permissions table must contain at least two fields: an Activity field and a Can-Run field. The Activity field contains the name of the procedure and the Can-Run field contains the user IDs of those who have permission to run the procedure. Within the application, the developer uses the CAN-DO functions to test whether the current user can run a specific procedure.
The security administrator must maintain the permissions table and it is the developer's responsibility to provide the tools to maintain the runtime permissions table.