Managing rights on HFSQL Client/Server

WINDEV, WEBDEV AND WINDEV MOBILE
ONLINE HELP

Version:

Home | Sign in | English

Help

WLanguage

Management of databases

Management of HFSQL Client/Server

Managing rights on HFSQL Client/Server

Overview

What are the available rights?

Managing an action on a server, a database or a data file

Special cases

Modifying the rights

What are the rights required to add/modify the users or the groups?

See also

Managing rights on HFSQL Client/Server

Available only with this kind of connection

Overview

To ensure data security and confidentiality, some actions may be restricted to a group of users.

Higher rights can be granted to the administrators of the database and limited rights can be granted to the end users.

Note: The HFSQL Control Center allows you to graphically manage the rights granted to the users on the different database elements.

Note: From version 19, HFSQL is the new name of HyperFileSQL.

Versions 22 and later

This feature is now available in Android Widget mode.

This feature is now available for the Android applications.

This feature is now available for the Java applications.

New in version 22

This feature is now available in Android Widget mode.

This feature is now available for the Android applications.

This feature is now available for the Java applications.

This feature is now available in Android Widget mode.

This feature is now available for the Android applications.

This feature is now available for the Java applications.

What are the available rights?

The "super user" users

The users defined as "Super user" are allowed to perform all types of actions on the server, on the databases and on all the data files.

To define a user as a "Super user", all you have to do is specify it in the description variables of users.

Assigning rights

No specific rights are granted by default to a new user or to a new group.

The following functions can be used to grant rights:


Versions 09 and later HModifyDatabaseRights New in version 09 HModifyDatabaseRights HModifyDatabaseRights	Modifies the rights granted to a user or to a group for a HFSQL Client/Server database.
Versions 09 and later HModifyFileRights New in version 09 HModifyFileRights HModifyFileRights	Modifies the rights granted to a user or to a group on a HFSQL Client/Server data file.
Versions 09 and later HModifyServerRights New in version 09 HModifyServerRights HModifyServerRights	Modifies the rights granted to a user or to a group on a HFSQL server.

When the user is associated with a group, the user automatically inherits the rights granted to the group.

The different available rights

For each type of element (database, data file, server), rights can be granted to the users and/or to the groups.

One of the following values can be specified for each rights:


Allowed	The user or the group is allowed to use this feature.
Forbidden	The user or the group is not allowed to use this feature. If he tries to use this feature, a WLanguage error indicates that the user has no sufficient rights to use this feature.
Inherited	The rights are undefined at this level. The HFSQL server uses the rights defined at the higher level: rights defined at group level for a user. rights defined at database level for a file

To find out the current rights granted to a user or to a group, use one of the following functions:


Versions 09 and later HInfoDatabaseRights New in version 09 HInfoDatabaseRights HInfoDatabaseRights	Allows you to find out the rights granted to a user or to a group on a database.
Versions 09 and later HInfoFileRights New in version 09 HInfoFileRights HInfoFileRights	Allows you to find out the rights granted to a user or to a group on a HFSQL Client/Server data file.
Versions 09 and later HInfoServerRights New in version 09 HInfoServerRights HInfoServerRights	Allows you to find out the rights granted to a user or to a group on a server.

Managing an action on a server, a database or a data file

Action on a server or on a database

The following actions depend on the rights:

Delete or add users or groups, see the users.
Create or delete a database.
Connect to a server (encrypted connection only).
Create a file.
Stop the server.

See HInfoDatabaseRights and HInfoServerRights for more details.

When a user want to perform one of these actions, the following operations are performed by the server:

Check the user rights to perform this action.
The following cases can occur:
- The action is allowed for the user: the action is performed.
- The action is not allowed for the user: the action is refused.
- The action is inherited: the server searches for the rights granted to the groups to which the user belongs.

If the user belongs to at least one group for which the action is allowed on this server or on this database, the action is performed ; otherwise, the action is refused.

Action on a data file

The following actions depend on the rights:

Read the records found in a data file.
Add, modify, delete records.
Delete a data file.
Start the automatic data modification.
Start a re-index operation or a statistical calculation on a data file.
Modify the integrity rules.
Enable or disable the management of duplicates.

See HInfoFileRights for more details.

When a user want to perform one of these actions, the following operations are performed by the server:

Check the user rights to perform this action.
The following cases can occur:
- The action is allowed for the user: the action is performed
- The action is not allowed for the user: the action is refused
- The action is inherited: the server searches for the rights granted to the groups to which the user belongs.
  - If the user belongs to at least one group for which the action was allowed on this data file: the action is performed.
  - If the user belongs to at least one group for which the action was forbidden on this data file: the action is refused.
- If the action was not defined at group level, the server searches whether the action on the database to which the file belongs is:
  - allowed: the action is performed.
  - forbidden: the action is refused.
- If the action was not defined at database level, the server searches whether the user belongs to a group for which the action on the database to which the file belongs was allowed or not.
  - If the action was allowed for a group, the action is performed.
  - If the action was not allowed for a group, the action is refused.

Example

The user rights are defined as follows:


Element	Read-only rights	Rights to add a record
Database	Forbidden	Allowed
File 1 of the database	Allowed	Forbidden
File 2 of the database	Inherited	Inherited

In this case:

The user can read the records found in File 1 and add records into File 2.
The user cannot read the records found in File 2 because the restriction is inherited from the rights defined on the database.
The user cannot add records into File 1 because this action is explicitly forbidden.

Special cases

Owner of a database or data file

The databases and the data files belong to a owner. The user who created the database or the file automatically becomes the owner of this element.

Rights to modify the owner:
Only the owner of the element or a user who has the rights to "Modify the owner" can change the owner of the element.
The rights to "Modify the owner" can be granted by the owner of the element or by a user who has the rights to "Modify the owner".

Finding out and modifying the owner:

The following functions can be used to identify the owner:


Versions 09 and later HInfoDatabaseProperty New in version 09 HInfoDatabaseProperty HInfoDatabaseProperty	Used to find out the properties of a database found on a HFSQL server.
Versions 09 and later HInfoFileProperty New in version 09 HInfoFileProperty HInfoFileProperty	Used to find out the properties of a data file found on a HFSQL server.

The following functions can be used to modify the owner:


Versions 09 and later HModifyDatabaseProperty New in version 09 HModifyDatabaseProperty HModifyDatabaseProperty	Modifies the properties of a database found on a HFSQL server.
Versions 09 and later HModifyFileProperty New in version 09 HModifyFileProperty HModifyFileProperty	Modifies the properties of a HFSQL file found on a server.

The HFSQL Control Center can also be used to modify the owner.

Modifying the rights

Modifying the rights consists in allowing, forbidding or removing an authorization or a restriction.

To modify the rights, you must:

have the rights to "Modify the rights".
be a "Super User".

Note: The owner of the database or the owner of the data file is always allowed to grant to himself the rights to "Modify the rights" on this element (HModifyDatabaseRights or HModifyFileRights)

What are the rights required to add/modify the users or the groups?

The table below presents the rights required to handle the characteristics of groups and users:

	hRightsManageUser	hRightsSeeUser

Actions on the other users or groups (other than the current user and group)		x
Modify the name of a user or group	x	x
Add a user or a group	x	x
Modify the characteristics of the current user or group	x
See the users or the groups		x

These constants are used in HInfoServerRights and HModifyServerRights.