FrontBase Documentation |
Backtrack: Welcome! 4. Administering a FrontBase Server |
Updated:
20-Nov-2000
prev next Table of Contents |
FrontBase offers a unique feature called Row Level Privileges, which allows you to specify access privileges for individual rows. Each row is said to be owned by a specific user and belonging to a specific group. Access privileges (SELECT
,UPDATE
, andDELETE
) for a row can be specified for the owner, the group, and the world.
Invoking Row Level Privileges
To use the Row Level Privileges feature, a given database has to be initialized with the feature given as an option. Start a FrontBase from the command line as follows:
FrontBase/bin/FrontBase -rlpriv <database name>
You can also specify the
-rlpriv
option when creating a database with the FBManager and FBWebManager tools.Once invoked, the option is recorded in the database. You don't need to specify the option when the database server is subsequently stopped and started.
Managing the meta data
You can create and drop groups whenCURRENT_USER
is_SYSTEM
using these SQL statements:
CREATE GROUP <group-name>;
DROP GROUP <group-name> RESTRICT|CASCADE;
You can add and drop users to a group when
CURRENT_USER
is_SYSTEM
using these SQL statements:
ALTER GROUP <group-name> ADD USER <user-name>;
ALTER GROUP <group-name> DROP USER <user-name>;
You can change the default group of a user when
CURRENT_USER
is either_SYSTEM
or<user-name>
using this SQL statement:
ALTER USER <user-name> SET DEFAULT GROUP <group-name>;
You can change the default row privileges for a table when
CURRENT_USER
is either_SYSTEM
or<user-name>
using this SQL statement:
ALTER TABLE <table-name> SET DEFAULT PRIVILEGES(<row-privileges>)
[USER <user-name>];If
<user-name>
is not given, the current user is assumed. The<row privileges>
argument has the following BNF form:
<row privileges> ::= <row privs> | <row privileges> , <row privs>
<row privs> ::= <owner privs> | <group privs> | <world privs>
<user privs> ::= USER = * | <priv mask>
<group privs> ::= GROUP = * | <priv mask>
<world privs> ::= * = * | <priv mask>
<priv mask> ::= <priv> | <priv mask> + <priv>
<priv> ::= SELECT | UPDATE | DELETE
Example:
ALTER TABLE T0
SET DEFAULT PRIVILEGES(USER=*, GROUP=SELECT+UPDATE, *=SELECT);
Managing the content data
You can change the privileges, owning group, or owning user of rows of a table using theUPDATE
SQL statement.CURRENT_USER
must either be_SYSTEM
or own the affected rows.
UPDATE <table-name> SET PRIVILEGES (<row-privileges>)
[WHERE <cond-expr>];UPDATE <table-name> SET GROUP <group-name>
[WHERE <cond-expr>];UPDATE <table-name> SET USER <user-name>
[WHERE <cond-expr>];
The owner, group, and privileges for a given set of rows can be fetched with this SQL statement:
SELECT
ing the access privileges for a row
SELECT USER, GROUP, PRIVILEGES FROM <table>
WHERE <cond-expr>;By wrapping the
SELECT
in aVIEW
, the values can be used in queries:
CREATE VIEW(ROW_OWNER, ROW_GROUP, ROW_PRIVS) T0_PRIVS
SELECT USER, GROUP, PRIVILEGES FROM T0;SELECT * FROM T0_PRIVS WHERE ROW_OWNER = '<user-name>';
If you have feedback or questions on this document, please send e-mail to doc-feedback@frontbase.com. Please reference the section number and topic. Thanks!!
©2000 FrontBase, Inc. All rights reserved.