- Overview
- What are the available rights?
- The "superuser" users
- Assigning rights
- The different available rights
- Managing an action on a server, a database or a data file
- Action on a server or on a database
- Action on a data file
- Example
- Special cases
- Owner of a database or data file
- Changing rights
- What are the rights required to add/modify the users or the groups?
Managing rights on HFSQL Client/Server
Available only with this kind of connection
To ensure data security and confidentiality, some actions may be restricted to a group of users. Higher rights can be granted to the administrators of the database and limited rights can be granted to the end users.

Remark: The HFSQL Control Center allows you to graphically manage the rights granted to the users on the different database elements.

What are the available rights?

The "superuser" users

Users defined as "Superusers" are allowed to perform all actions on the server, databases and data files.

Assigning rights

No specific rights are granted by default to a new user or to a new group. The following functions can be used to grant rights:
When the user is associated with a group, the user automatically inherits the rights granted to the group.

The different available rights

For each type of element (database, data file, server), rights can be granted to the users and/or to the groups. One of the following values can be specified for each right:

| | |
|---|---|
| Allowed | The user or the group is allowed to use this feature. |
| Forbidden | The user or the group is not allowed to use this feature. If they try to use this feature, a WLanguage error indicates that the user does not have sufficient rights to use this feature. |
| Inherited | The rights are undefined at this level. The HFSQL server uses the rights defined at the higher level: rights defined at group level for a user; rights defined at database level for a file. |

To find out the current rights granted to a user or to a group, use one of the following functions:

| | |
|---|---|
| HInfoDatabaseRights | Allows you to find out the rights granted to a user or to a group on a database. |
| HInfoFileRights | Gets the rights granted to a user or group on an HFSQL Client/Server data file. |
| HInfoServerRights | Gets the rights granted to a user or group of users on a server. |

Managing an action on a server, a database or a data file

Action on a server or on a database

The following actions depend on the rights:
- Delete or add users or groups, see the users.
- Create or delete a database.
- Connect to a server (encrypted connection only).
- Create a file.
- Stop the server.

When a user wants to perform one of these actions, the following operations are performed by the server:
- Check the user rights to perform this action.
- The following cases can occur:
  - The action is allowed for the user: the action is performed.
  - The action is not allowed for the user: the action is refused.
  - The action is inherited: the server searches for the rights granted to the groups to which the user belongs. If the user belongs to at least one group for which the action is allowed on this server or on this database, the action is performed; otherwise, the action is refused.

Action on a data file

The following actions depend on the rights:
- Read the records found in a data file.
- Add, modify, delete records.
- Delete a data file.
- Start the automatic data modification.
- Start a re-index operation or a statistical calculation on a data file.
- Modify the integrity rules.
- Enable or disable the management of duplicates.

When a user wants to perform one of these actions, the following operations are performed by the server:
- Check the user rights to perform this action.
- The following cases can occur:
  - The action is allowed for the user: the action is performed.
  - The action is not allowed for the user: the action is rejected.
  - The action is inherited: the server searches for the rights granted to the groups to which the user belongs.
    - If the user belongs to at least one group for which the action was allowed on this data file: the action is performed.
    - If the user belongs to at least one group for which the action was forbidden on this data file: the action is refused.
    - If the action was not defined at group level, the server searches whether the action on the database to which the file belongs is:
      - allowed: the action is performed.
      - forbidden: the action is refused.
    - If the action was not defined at database level, the server searches whether the user belongs to a group for which the action on the database to which the file belongs was allowed or not.
      - If the action was allowed for a group, the action is performed.
      - If the action was not allowed for a group, the action is refused.

Example

The user rights are defined as follows:

| Element | Read-only rights | Rights to add a record |
|---|---|---|
| Database | Forbidden | Allowed |
| File 1 of the database | Allowed | Forbidden |
| File 2 of the database | Inherited | Inherited |

In this case:
- The user can read the records found in File 1 and add records into File 2.
- The user cannot read the records found in File 2 because the restriction is inherited from the rights defined on the database.
- The user cannot add records into File 1 because this action is explicitly forbidden.
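
The resolution order described for data files, applied to the example table, as an added Python model (not HFSQL or PC SOFT code). The user name `alice`, the dictionary layout and the level labels are assumptions of this model, and a missing entry is treated as Inherited.

```python
from enum import Enum

class Right(Enum):
    ALLOWED = "Allowed"
    FORBIDDEN = "Forbidden"
    INHERITED = "Inherited"

A, F, I = Right.ALLOWED, Right.FORBIDDEN, Right.INHERITED

def resolve_file_action(action, file, user, groups, file_acl, db_acl):
    """Return (granted, deciding_level) for `action` on `file`.

    file_acl: {(principal, file, action): Right}
    db_acl:   {(principal, action): Right}
    Missing entries count as Inherited (assumption of this model).
    """
    right = file_acl.get((user, file, action), I)
    if right is not I:                      # explicit user right on the file
        return right is A, "user/file"
    group_rights = [file_acl.get((g, file, action), I) for g in groups]
    # Assumption: the two group cases are tested in the order the page lists them.
    if A in group_rights:
        return True, "group/file"
    if F in group_rights:
        return False, "group/file"
    right = db_acl.get((user, action), I)   # fall back to the database level
    if right is not I:
        return right is A, "user/database"
    # Last step: allowed only if a group allows the action on the database.
    allowed = any(db_acl.get((g, action), I) is A for g in groups)
    return allowed, "group/database"

# Constructed data: the example table above, for one hypothetical user.
FILE_ACL = {
    ("alice", "File1", "read"): A, ("alice", "File1", "add"): F,
    ("alice", "File2", "read"): I, ("alice", "File2", "add"): I,
}
DB_ACL = {("alice", "read"): F, ("alice", "add"): A}

def effective_rights(user, groups, files=("File1", "File2"), actions=("read", "add")):
    """Resolve every (file, action) pair against the constructed ACLs."""
    return {(f, a): resolve_file_action(a, f, user, groups, FILE_ACL, DB_ACL)
            for f in files for a in actions}

if __name__ == "__main__":
    for (f, a), (ok, level) in effective_rights("alice", []).items():
        print(f"{f:6} {a:5} {'granted' if ok else 'refused'} (decided at {level})")
```

Returning the deciding level alongside the result makes it visible, when auditing, whether an access comes from an explicit file-level entry or from an inherited database-level one.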

Owner of a database or data file

The databases and the data files belong to an owner. The user who created the database or the file automatically becomes the owner of this element.
- Rights to modify the owner: Only the owner of the element or a user who has the rights to "Modify the owner" can change the owner of the element. The rights to "Modify the owner" can be granted by the owner of the element or by a user who has the rights to "Modify the owner".
- Finding out and modifying the owner:
  - The following functions can be used to identify the owner:
  - The following functions can be used to modify the owner:
The HFSQL Control Center can also be used to modify the owner.

Modifying the rights consists in allowing, forbidding or removing an authorization or a restriction. To modify the rights, you must:
- have the rights to "Modify the rights".
- be a "Super User".

Remark: The owner of the database or the owner of the data file is always allowed to grant themselves the rights to "Modify the rights" on this element (HModifyDatabaseRights or HModifyFileRights).

What are the rights required to add/modify the users or the groups?

The table below presents the rights required to handle the characteristics of groups and users:

| | hRightsManageUser | hRightsSeeUser |
|---|---|---|
| Actions on the other users or groups (other than the current user and group) | | x |
| Modify the name of a user or group | x | x |
| Add a user or a group | x | x |
| Modify the characteristics of the current user or group | x | |
| See the users or the groups | | x |

These constants are used in HInfoServerRights and HModifyServerRights.