FrontBase Documentation
Updated: 20-Nov-2000
FrontBase offers a unique feature called Row Level Privileges, which allows you to specify access privileges for individual rows. Each row is said to be owned by a specific user and to belong to a specific group. Access privileges (SELECT, UPDATE and DELETE) for a row can be specified for the owner, the group and the world.
Please note that Row Level Privileges is licensed as a separate option and that the feature is not available in the free version.
Deploying Row Level Privileges
To use the Row Level Privileges feature, a given database has to be initialized with the feature given as an option:
/Local/Library/FrontBase/bin/FrontBase -rlpriv <database name>
You can also specify the -rlpriv option when creating a database via the FBDatabaseManager.
Once created, the option is recorded in the database, i.e. you don't need to specify the option when the database server is subsequently stopped and started.
Managing the meta data
CREATE GROUP <group name>;
  -- CURRENT_USER must be _SYSTEM

DROP GROUP <group name> RESTRICT|CASCADE;
  -- CURRENT_USER must be _SYSTEM

ALTER GROUP <group name> ADD USER <user name>;
  -- CURRENT_USER must be _SYSTEM

ALTER GROUP <group name> DROP USER <user name>;
  -- CURRENT_USER must be _SYSTEM

ALTER USER <user name> SET DEFAULT GROUP <group name>;
  -- CURRENT_USER must be _SYSTEM or <user name>

ALTER TABLE <table name> SET DEFAULT PRIVILEGES(<row privileges>) [USER <user name>];
  -- CURRENT_USER must be _SYSTEM or <user name>, if no user name
  -- is given, the current user is used

<row privileges> ::= <row privs> | <row privileges> , <row privs>
<row privs>      ::= <owner privs> | <group privs> | <world privs>
<owner privs>    ::= USER = * | <priv mask>
<group privs>    ::= GROUP = * | <priv mask>
<world privs>    ::= * = * | <priv mask>
<priv mask>      ::= <priv> | <priv mask> + <priv>
<priv>           ::= SELECT | UPDATE | DELETE
Example:
ALTER TABLE T0 SET DEFAULT PRIVILEGES(USER=*, GROUP=SELECT+UPDATE, *=SELECT);
Managing the content data
UPDATE <table name> SET PRIVILEGES(<row privileges>) [WHERE <cond expr>];
UPDATE <table name> SET GROUP <group name> [WHERE <cond expr>];
UPDATE <table name> SET USER <user name> [WHERE <cond expr>];
  -- CURRENT_USER has to either own the row or be _SYSTEM
SELECTing the access privileges for a row
The owner, group and privileges for a given set of rows can be fetched as follows:
SELECT USER, GROUP, PRIVILEGES FROM <table> WHERE <cond expr>;
By wrapping the SELECT in a VIEW, the values can be used in queries:
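-- Expose each row's owner, group and privileges under ordinary column names
CREATE VIEW T0_PRIVS (ROW_OWNER, ROW_GROUP, ROW_PRIVS) AS
  SELECT USER, GROUP, PRIVILEGES FROM T0;

-- The view columns can then be used in conditions like any other column
SELECT * FROM T0_PRIVS WHERE ROW_OWNER = '<user name>';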
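A worked session that ties the statements above together, as an added example that is not part of the FrontBase documentation. The table TICKETS (columns TICKET_ID, TICKET_STATE), the group SUPPORT and the users ALICE and BOB are assumed names; selecting an ordinary column next to USER, GROUP and PRIVILEGES, and comparing ROW_GROUP with a string, are also assumptions modelled on the view shown above.

```sql
-- Assumed names: TICKETS, SUPPORT, ALICE, BOB. Both users already exist.

-- 1. Connected as _SYSTEM: create the group and enrol its members.
CREATE GROUP SUPPORT;
ALTER GROUP SUPPORT ADD USER ALICE;
ALTER GROUP SUPPORT ADD USER BOB;
ALTER USER ALICE SET DEFAULT GROUP SUPPORT;
ALTER USER BOB SET DEFAULT GROUP SUPPORT;

-- 2. Still as _SYSTEM: record default row privileges on TICKETS for ALICE.
--    Owner: all privileges; group: read and update; world: read only.
ALTER TABLE TICKETS
  SET DEFAULT PRIVILEGES(USER=*, GROUP=SELECT+UPDATE, *=SELECT) USER ALICE;

-- 3. Connected as ALICE (owner of the rows, so allowed to change them):
--    closed tickets become read-only for the group.
UPDATE TICKETS
  SET PRIVILEGES(USER=*, GROUP=SELECT, *=SELECT)
  WHERE TICKET_STATE = 'CLOSED';

-- 4. As ALICE: hand one ticket over to BOB. After this statement ALICE no
--    longer owns the row, so only BOB or _SYSTEM can change its privileges.
UPDATE TICKETS SET USER BOB WHERE TICKET_ID = 42;

-- 5. As _SYSTEM: audit view, then list rows that have drifted out of the
--    SUPPORT group and review their owner and privilege settings.
CREATE VIEW TICKETS_PRIVS (TICKET_ID, ROW_OWNER, ROW_GROUP, ROW_PRIVS) AS
  SELECT TICKET_ID, USER, GROUP, PRIVILEGES FROM TICKETS;

SELECT TICKET_ID, ROW_OWNER, ROW_GROUP, ROW_PRIVS
  FROM TICKETS_PRIVS
  WHERE ROW_GROUP <> 'SUPPORT';
```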
©2000 FrontBase, Inc. All rights reserved.