ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE

Help / WLanguage / Managing databases / HFSQL / Managing HFSQL Client/Server
  • Overview
  • What are the available rights?
  • The "superuser" users
  • Assigning rights
  • The different available rights
  • Managing an action on a server, a database or a data file
  • Action on a server or on a database
  • Action on a data file
  • Example
  • Special cases
  • Owner of a database or data file
  • Changing rights
  • What are the rights required to add/modify the users or the groups?
WINDEV
WindowsLinuxJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac Catalyst
Others
Stored procedures
Overview
To ensure data security and confidentiality, some actions may be restricted to a group of users.
Higher rights can be granted to the administrators of the database and limited rights can be granted to the end users.
Remark: The HFSQL Control Center allows you to graphically manage the rights granted to the users on the different database elements.
What are the available rights?

The "superuser" users

Users defined as "Superusers" are allowed to perform all actions on the server, databases and data files.
To define a user as a "Superuser", all you have to do is specify it in the description variables of users.

Assigning rights

No specific rights are granted by default to a new user or to a new group.
The following functions can be used to grant rights:
HModifyDatabaseRightsSets the rights granted to a user or group for an HFSQL Client/Server database.
HModifyFileRightsSets the rights granted to a user or group on an HFSQL Client/Server data file.
HModifyServerRightsSets the rights granted to a user or group on an HFSQL server.
When the user is associated with a group, the user automatically inherits the rights granted to the group.

The different available rights

For each type of element (database, data file, server), rights can be granted to the users and/or to the groups.
One of the following values can be specified for each rights:
AllowedThe user or the group is allowed to use this feature.
ForbiddenThe user or the group is not allowed to use this feature. If he tries to use this feature, a WLanguage error indicates that the user has no sufficient rights to use this feature.
InheritedThe rights are undefined at this level. The HFSQL server uses the rights defined at the higher level:
  • rights defined at group level for a user.
  • rights defined at database level for a file

To find out the current rights granted to a user or to a group, use one of the following functions:
HInfoDatabaseRightsAllows you to find out the rights granted to a user or to a group on a database.
HInfoFileRightsGets the rights granted to a user or group on an HFSQL Client/Server data file.
HInfoServerRightsGets the rights granted to a user or group of users on a server.
Managing an action on a server, a database or a data file

Action on a server or on a database

The following actions depend on the rights:
  • Delete or add users or groups, see the users.
  • Create or delete a database.
  • Connect to a server (encrypted connection only).
  • Create a file.
  • Stop server.
For more details, see HInfoDatabaseRights and HInfoServerRights.
When a user want to perform one of these actions, the following operations are performed by the server:
  1. Check the user rights to perform this action.
  2. The following cases can occur:
    • The action is allowed for the user: the action is performed.
    • The action is not allowed for the user: the action is refused.
    • The action is inherited: the server searches for the rights granted to the groups to which the user belongs.
If the user belongs to at least one group for which the action is allowed on this server or on this database, the action is performed ; otherwise, the action is refused.

Action on a data file

The following actions depend on the rights:
  • Read the records found in a data file.
  • Add, modify, delete records.
  • Delete a data file.
  • Start the automatic data modification.
  • Start a re-index operation or a statistical calculation on a data file.
  • Modify the integrity rules.
  • Enable or disable the management of duplicates.
For more details, see HInfoFileRights.
When a user want to perform one of these actions, the following operations are performed by the server:
  1. Check the user rights to perform this action.
  2. The following cases can occur:
    • The action is allowed for the user: the action is performed
    • The action is not allowed for the user: the action is rejected
    • The action is inherited: the server searches for the rights granted to the groups to which the user belongs.
      • If the user belongs to at least one group for which the action was allowed on this data file: the action is performed.
      • If the user belongs to at least one group for which the action was forbidden on this data file: the action is refused.
    • If the action was not defined at group level, the server searches whether the action on the database to which the file belongs is:
      • allowed: the action is performed.
      • forbidden: the action is refused.
    • If the action was not defined at database level, the server searches whether the user belongs to a group for which the action on the database to which the file belongs was allowed or not.
      • If the action was allowed for a group, the action is performed.
      • If the action was not allowed for a group, the action is refused.

Example

The user rights are defined as follows:
ElementRead-only rightsRights to add a record
DatabaseForbiddenAllowed
File 1 of the databaseAllowedForbidden
File 2 of the databaseInheritedInherited
In this case:
  • The user can read the records found in File 1 and add records into File 2.
  • The user cannot read the records found in File 2 because the restriction is inherited from the rights defined on the database.
  • The user cannot add records into File 1 because this action is explicitly forbidden.
Special cases

Owner of a database or data file

The databases and the data files belong to a owner. The user who created the database or the file automatically becomes the owner of this element.
  • Rights to modify the owner:
    Only the owner of the element or a user who has the rights to "Modify the owner" can change the owner of the element.
    The rights to "Modify the owner" can be granted by the owner of the element or by a user who has the rights to "Modify the owner".
  • Finding out and modifying the owner:
    • The following functions can be used to identify the owner:
      HInfoDatabasePropertyUsed to find out the properties of a database on an HFSQL server.
      HInfoFilePropertyAllows you to find out the properties of a data file located in an HFSQL server.
    • The following functions can be used to modify the owner:
      HModifyDatabasePropertyModifies the properties of a database located on an HFSQL server.
      HModifyFilePropertyModifies the properties of an HFSQL file located on a server.
The HFSQL Control Center can also be used to modify the owner.
Changing rights
Modifying the rights consists in allowing, forbidding or removing an authorization or a restriction.
To modify the rights, you must:
  • have the rights to "Modify the rights".
  • be a "Super User".
Remark: The owner of the database or the owner of the data file is always allowed to grant to himself the rights to "Modify the rights" on this element (HModifyDatabaseRights or HModifyFileRights)
What are the rights required to add/modify the users or the groups?
The table below presents the rights required to handle the characteristics of groups and users:
hRightsManageUserhRightsSeeUser
Actions on the other users or groups (other than the current user and group)x
Modify the name of a user or groupxx
Add a user or a groupxx
Modify the characteristics of the current user or groupx
See the users or the groupsx

These constants are used in HInfoServerRights and HModifyServerRights.
Minimum version required
  • Version 9
This page is also available for…
Comments
Click [Add] to post a comment

Last update: 07/05/2023

Send a report | Local help