Board index » off-topic » Using Interbase roles

Using Interbase roles


2005-04-07 07:03:10 PM
off-topic3
We have a datasnap application using IBExpress. We would like to start
using interbase roles to define users access rights. We need to define
a sql_role_name parameter to the IBExpress login. However at the point
of login, we have no means of knowing what roles have been assigned to
the user and we don't want the user to have to define his role each
time, as this has been defined in the database.
We want the user to be able to login, using the standard login form, by
providing just a user name and password as usual and then have all the
access rights defined by the roles membership. Is this possible? And if
so how can it be done?
Regards
Roger Graham
 
 

Re:Using Interbase roles

Roger Graham wrote:
Quote
We want the user to be able to login, using the standard login form,
by providing just a user name and password as usual and then have all
the access rights defined by the roles membership. Is this possible?
And if so how can it be done?
In IB 7.5 when you use embedded user authentication you can assign a
default role for each user.
Prior to IB 7.5, IMHO, there isn't a really good way to make this work.
--
Craig Stuntz [TeamB] ?Vertex Systems Corp. ?Columbus, OH
Delphi/InterBase Weblog : blogs.teamb.com/craigstuntz
How to ask questions the smart way:
www.catb.org/~esr/faqs/smart-questions.html
 

Re:Using Interbase roles

There is no way to do that. You must specify the role at the time you
connect. You can grant more than one role to a user but the user can only
connect using one role at a time.
The only way I can think of to get close to what you want is to have a
table in the database that gives the role for each user. Connect as a
standard user and role, lookup the user, get the role name, disconnect
then reconnect as that user and role.
--
Bill Todd (TeamB)
TeamB cannot answer questions received via email
 

{smallsort}

Re:Using Interbase roles

Bill Todd wrote:
Quote
There is no way to do that. You must specify the role at the time you
connect. You can grant more than one role to a user but the user can
only connect using one role at a time.

The only way I can think of to get close to what you want is to have a
table in the database that gives the role for each user. Connect as a
standard user and role, lookup the user, get the role name, disconnect
then reconnect as that user and role.

We do this using an INI file. Our INI file includes the location of the
database. It also includes a section of all users and their default
Role. We built a User Security Manager in our application that does the
granting and revoking of roles and also maintains the INI file.
Toddly