Kbase P119296: Is there a way to stop a user from accessing the database with the -rg parameter?
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
12/01/2009 |
|
Status: Verified
GOAL:
How to block a user from accessing the database with the -rg parameter?
GOAL:
How to force a client to use the -rq parameter?
GOAL:
How to prevent a user from starting a client session with the -rg on command line?
FACT(s) (Environment):
All Supported Operating Systems
Progress/OpenEdge Product Family
FIX:
The answer to your question is yes. Processes connecting to the database, by default make use of the $DLC/startup parameter file. You can add -rq to the bottom of this file, which means any user process connecting to this database will be treated as a -rq client. The problem however, is that commands issued on a command line can supersede the changes made to this file. In other words, if your user knew they could add -rg on the command line, then they could still get in with the permissions of a regular 4GL client.
One way around this would be to modify the actual mpro script to include a -rq parameter at the end of the exec $PROEXE "$@" line. Example: $PROEXE "$@" -rq. Now even if the user attempts to startup a client session with the mpro command with -rg, it will run only with the -rq which was set internally. You could have another mpro command else where on the system for clients that need to write code to modify or delete records. That mpro command of course would not have the -rq in it. The second mpro command could be called whatever filename you want and could reside in a different PATH. Your true 4GL users would know about this mpro command and include it in their PATH environment variable.