Managing rights on HFSQL Client/Server

ONLINE HELP
WINDEV, WEBDEV AND WINDEV MOBILE

Version:

Home | Sign in | English

This content has been translated automatically. Click here to view the French version.

Help / WLanguage / Managing databases / HFSQL / Managing HFSQL Client/Server

Overview
What are the available rights?
The "superuser" users
Assigning rights
The different available rights
Managing an action on a server, a database or a data file
Action on a server or on a database
Action on a data file
Example
Special cases
Owner of a database or data file
Changing rights
What are the rights required to add/modify the users or the groups?

WINDEV

WEBDEV

WINDEV Mobile

Others

See also

Managing rights on HFSQL Client/Server

Available only with this kind of connection

Overview

To ensure data security and confidentiality, some actions may be restricted to a group of users.

Higher rights can be granted to the administrators of the database and limited rights can be granted to the end users.

Note The HFSQL Control Center lets you graphically manage the rights granted to users over the various elements of the database.

What are the available rights?

The "superuser" users

Users defined as "Superusers" are allowed to perform all actions on the server, databases and data files.

To define a user as a "Superuser", all you have to do is specify it in the description variables of users.

Assigning rights

No specific rights are granted by default to a new user or to a new group.

The following functions can be used to grant rights:


HModifyDatabaseRights	Sets the rights granted to a user or group for an HFSQL Client/Server database.
HModifyFileRights	Sets the rights granted to a user or group on an HFSQL Client/Server data file.
HModifyServerRights	Sets the rights granted to a user or group on an HFSQL server.

When the user is associated with a group, the user automatically inherits the rights granted to the group.

The different available rights

For each type of element (database, data file, server), rights can be granted to the users and/or to the groups.

One of the following values can be specified for each rights:


Allowed	The user or the group is allowed to use this feature.
Forbidden	The user or the group is not allowed to use this feature. If he tries to use this feature, a WLanguage error indicates that the user has no sufficient rights to use this feature.
Inherited	The rights are undefined at this level. The HFSQL server uses the rights defined at the higher level: rights defined at group level for a user. right defined at database level for a data file.

To find out the current rights granted to a user or to a group, use one of the following functions:


HInfoDatabaseRights	Gets the rights granted to a user or group on a database.
HInfoFileRights	Gets the rights granted to a user or group on an HFSQL Client/Server data file.
HInfoServerRights	Gets the rights granted to a user or group of users on a server.

Managing an action on a server, a database or a data file

Action on a server or on a database

The following actions depend on the rights:

Delete or add users or groups, see the users.
Create or delete a database.
Connect to a server (encrypted connection only).
Create a data file.
Stop server.

For more details, see HInfoDatabaseRights and HInfoServerRights.

When a user want to perform one of these actions, the following operations are performed by the server:

Check the user rights to perform this action.
The following cases can occur:
- The action is authorized for the user: the action is carried out.
- The action is forbidden for the user: the action is refused.
- The action is inherited: the server searches for group rights to which the user belongs.

If the user belongs to at least one group for which the action is allowed on this server or on this database, the action is performed ; otherwise, the action is refused.

Action on a data file

The following actions depend on the rights:

Read the records found in a data file.
Add, modify, delete records.
Delete a data file.
Start the automatic data modification.
Start a re-index operation or a statistical calculation on a data file.
Modify the integrity rules.
Enable or disable the management of duplicates.

For more details, see HInfoFileRights.

When a user want to perform one of these actions, the following operations are performed by the server:

Check the user rights to perform this action.
The following cases can occur:
- The action is authorized for the user: the action is carried out
- The action is forbidden for the user: the action is refused
- The action is inherited: the server searches for group rights to which the user belongs.
  - If the user belongs to at least one group for which action on this data file has been authorized: the action is carried out.
  - If the user belongs to at least one group for which action on this data file has been forbidden: action is refused.
- If the action has not been defined at group level, the server checks whether the action on the database to which the data file belongs is:
  - authorized: the action is performed.
  - forbidden: the action is refused.
- If the action has not been defined at database level, the server checks whether the user belongs to a group for which the action on the database to which the data file belongs has been authorized or not.
  - If the action was allowed for a group, the action is performed.
  - If the action was not allowed for a group, the action is refused.

Example

The user rights are defined as follows:


Element	Read-only rights	Rights to add a record
Database	Forbidden	Allowed
Database data file 1	Allowed	Forbidden
Database data file 2	Inherited	Inherited

In this case:

The user can read the records in "Data file 1" and add records to "Data file 2".
The user is not allowed to read the records in "Data file 2", as the prohibition is inherited from the right defined on the database.
The user cannot add records to "Data file 1", as this action is explicitly forbidden.

Special cases

Owner of a database or data file

The databases and the data files belong to a owner. The user who creates the database or data file is automatically declared the owner of this element.

Right to modify the owner:
Only the owner of the element or a user who has the rights to "Modify the owner" can change the owner of the element.
The rights to "Modify the owner" can be granted by the owner of the element or by a user who has the rights to "Modify the owner".
Finding out and modifying the owner:
- The following functions can be used to identify the owner:
  HInfoDatabaseProperty Used to find out the properties of a database on an HFSQL server.
  HInfoFileProperty Allows you to find out the properties of a data file located in an HFSQL server.
- The following functions can be used to modify the owner:
  HModifyDatabaseProperty Modifies the properties of a database located on an HFSQL server.
  HModifyFileProperty Modifies the properties of an HFSQL data file located on a server.

The HFSQL Control Center can also be used to modify the owner.

Changing rights

Modifying the rights consists in allowing, forbidding or removing an authorization or a restriction.

To modify the rights, you must:

have the rights to "Modify the rights".
be a "Super User".

Note: The owner of the database or data file is always authorized to add "Modify rights" to this item (function HModifyDatabaseRights or HModifyFileRights)

What are the rights required to add/modify the users or the groups?

The table below presents the rights required to handle the characteristics of groups and users:

	hRightsManageUser	hRightsSeeUser

Actions on the other users or groups (other than the current user and group)		x
Modify the name of a user or group	x	x
Add a user or a group	x	x
Modify the characteristics of the current user or group	x
See the users or the groups		x

These constants are used in HInfoServerRights and HModifyServerRights.