Login

Consultor Eletrônico



Kbase P171698: 4GL/ABL: How to programmatically assign an OpenEdge database security administrator?
Autor   Progress Software Corporation - Progress
Acesso   Público
Publicação   16/08/2010
Status: Unverified

GOAL:

4GL/ABL: How to programmatically assign an OpenEdge database security administrator?

GOAL:

How to programmatically make a user an OpenEdge database security administrator using 4GL/ABL?

GOAL:

How to add a user to an OpenEdge Database Security Administrator list without using the Data Administration Tool?

FACT(s) (Environment):

All Supported Operating Systems
OpenEdge 10.1x
OpenEdge 10.2x
OpenEdge Category: Language (4GL/ABL)

FIX:

The following 4GL code creates a user and grants him/her Security Administrator privileges for the currently attached OpenEdge 10.1A or later database.
To avoid duplicating the userid in the database security administrator list, the code uses the 4GL CAN-DO function to check if the user has already been granted a privilege before granting that privilege.
These are the same privileges granted to a Database Security Administrator added using the Data Dictionary's Data Administration Tool. Specifically, the OpenEdge 10.1A or later Database Security Administrator is granted the following permissions:
_File Table:
Write permission on the _File._Can-read field
Write permission on the _File._Can-write field
Write permission on the _File._Can-create field
Write permission on the _File._Can-delete field
_Field Table:
Write permission on _Field._Can-read field
Write permission on _Field._Can-write field
_User Table:
Create permission on the _User table
Delete permission on the _User table
_Db-Detail Table:
Create permission on the _Db-Detail table
Write permission on the _Db-Detail table
Delete permission on the _Db-Detail table
_Db-Option Table:
Create permission on the _Db-Option table
Write permission on the _Db-Option table
Delete permission on the _Db-Option table
_Db Table:
Write permission on the _Db._Db-Guid field
DEFINE VARIABLE SecAdmin AS CHARACTER NO-UNDO.
CREATE _User.
ASSIGN
_User._Userid = "Beta"
_User._Password = ENCODE("Beta")
_User._User-Name = "Beta"
SecAdmin = _User._Userid.
/*************** Grant necessary permissions on _File table ****************/
FIND DICTDB._File "_File" WHERE DICTDB._File._Owner = "PUB".
/* Grant write permissions on the _Can-Read _Field OF _File if not already granted */
FIND DICTDB._Field "_Can-Read" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) THEN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin.
/* Grant write permissions on the _Can-Write _Field OF _File if not already granted */
FIND DICTDB._Field "_Can-Write" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) THEN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin.
/* Grant write permissions on the _Can-Create _Field OF _File if not already granted */
FIND DICTDB._Field "_Can-Create" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) THEN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin.
/* Grant write permissions on the _Can-Delete _Field OF _File if not already granted */
FIND DICTDB._Field "_Can-Delete" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) THEN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin.
/*************** Grant necessary permissions on _Field table ****************/
FIND DICTDB._File "_Field" WHERE DICTDB._File._Owner = "PUB".
/* Grant Write permission on _Field._Can-Read if not already granted */
FIND DICTDB._Field "_Can-Read" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) TH.EN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin.
/* Grant Write permission on _Field._Can-Write if not already granted */
FIND DICTDB._Field "_Can-Write" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) THEN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin.
/*************** Grant necessary permissions on _User table ****************/
FIND DICTDB._File "_User" WHERE DICTDB._File._Owner = "PUB".
/* Grant Create permission on _User if not already granted */
IF NOT CAN-DO(_File._Can-Create,SecAdmin) THEN
ASSIGN _File._Can-Create = _File._Can-Create + "," + SecAdmin.
/* Grant Delete permission on _User if not already granted */
IF NOT CAN-DO(_File._Can-Delete,SecAdmin) THEN
ASSIGN _File._Can-Delete = _File._Can-Delete + "," + SecAdmin.
/*************** Grant necessary permissions on _Db-Detail table ****************/
FIND DICTDB._File "_Db-Detail" WHERE DICTDB._File._Owner = "PUB".
/* Grant Create permission on _Db-Detail if not already granted */
IF NOT CAN-DO(_File._Can-Create,SecAdmin) THEN
ASSIGN _File._Can-Create = _File._Can-Create + "," + SecAdmin.
/* Grant Write permission on _Db-Detail if not already granted */
IF NOT CAN-DO(_File._Can-Write,SecAdmin) THEN
ASSIGN _File._Can-Write = _File._Can-Write + "," + SecAdmin.
/* Grant Delete permission on _Db-Detail if not already granted */
IF NOT CAN-DO(_File._Can-Delete,SecAdmin) THEN
ASSIGN _File._Can-Delete = _File._Can-Delete + "," + SecAdmin.
/*************** Grant necessary permissions on _Db-Option table ****************/
FIND DICTDB._File "_Db-Option" WHERE DICTDB._File._Owner = "PUB".
/* Grant Create permission on _Db-Option if not already granted */
IF NOT CAN-DO(_File._Can-Create,SecAdmin) THEN
ASSIGN _File._Can-Create = _File._Can-Create + "," + SecAdmin.
/* Grant Write permission on _Db-Option if not already granted */
IF NOT CAN-DO(_File._Can-Write,SecAdmin) THEN
ASSIGN _File._Can-Write = _File._Can-Write + "," + SecAdmin.
/* Grant Delete permission on _Db-Option if not already granted */
IF NOT CAN-DO(_File._Can-Delete,SecAdmin) THEN
ASSIGN _File._Can-Delete = _File._Can-Delete + "," + SecAdmin.
/*************** Grant necessary permissions on _Db table ****************/
FIND DICTDB._File "_Db" WHERE DICTDB._File._Owner = "PUB".
/* Grant Write permission on _Db._Db-guid if not already granted */
FIND DICTDB._Field "_Db-Guid" OF _File.
IF NOT CAN-DO(_Field._Can-Write,SecAdmin) THEN
ASSIGN _Field._Can-Write = _Field._Can-Write + "," + SecAdmin..