Embedded Files
Table Authorization
Table Authorization
[EE] WOW allows you to control access to the tables used by your application. By default all users are permitted to access a table in any way your operations allow. In order to restrict the ways in which users are allowed to access a table you create a user authorization operation and then specify that operation in a table descriptor, as described below.
Using Table Authorization
In this example, we will restrict the users who are allowed to delete from our table. It is also possible to restrict the users who may read, update, insert into, or alter a particular table. Here is the result of selecting rows from our table, before we restrict deletes.
The first step is to create a user authorization operation. This operation will return a list of the users who have authority to delete from the table. (User authorization operations are covered in more detail earlier in this chapter.) This is what our user authorization operation looks like:
The SQL in the operation may use the "??TABLE_NAME" parameter to refer to the table whose authority is being checked. This allows a single user authorization operation to be used by multiple tables.
This user authorization operation must now be specified in the table's table descriptor. To locate the table descriptor, open up Field Descriptor Manager, and go to the FDs for that table. (See the Field Descriptors Chapter for more information on Field Descriptor Manager.) The table descriptor will have the same name as the table, except it will be prefixed with a tilde (~). In our example, we are working with the CUSTOMER table, so the table descriptor is named "~CUSTOMER".
Edit the table descriptor, and in the Authorization Settings section, look for the Delete Authorization Operation field. Set the value of this field to the user authorization operation created earlier. (To restrict reads, updates, inserts, or alters set the authorization operation in the appropriate field.)
Now, any operation which attempts to access the CUSTOMER table will prevent unauthorized users from deleting rows from the table. Note that the table descriptor is associated with a particular connection alias, so the security restrictions will only apply when the table is accessed using this connection.
If signing on as a user without authority to delete from the table, select rows from the table will not be displayed.
Page updated
Report abuse