Granting User Rights on IB6

I'd like to know if there is a flaw in this particular setup:

Rather than granting user rights and privileges on the RDMS level, I have
just one user (SYSDBA), and control what the user can and cannot do on the
client side.  The client app. always logs into the server as SYSDBA with the
appropriate password; but users, through the client app., are given unique
IDs, passwords and privileges.  The IDs and passwords are saved on the
server database in a table, and privileges (editing, deleting, viewing etc)
are controlled through the client app.  

Thanks.

 

Re:Granting User Rights on IB6


Quote
"John Q." <jo...@nowhwere.net> wrote in message

news:Xns90EB8039B7495jcorrchnqnowh2e2re@207.105.83.65...

Quote

> I'd like to know if there is a flaw in this particular setup:

> Rather than granting user rights and privileges on the RDMS level, I have
> just one user (SYSDBA), and control what the user can and cannot do on the
> client side.  The client app. always logs into the server as SYSDBA with the
> appropriate password; but users, through the client app., are given unique
> IDs, passwords and privileges.  The IDs and passwords are saved on the
> server database in a table, and privileges (editing, deleting, viewing etc)
> are controlled through the client app.

This is my general setup as well and it works well for me. Basically, I have
security tables that allow the admin to set up read/write access to groups
and then assign users to groups. Since a lot of the app relies on
transferring information (business flow type app) from one group of tables
to another, table access isn't an answer. The only way to control it is
through the access to forms.

Woody

Re:Granting User Rights on IB6


Quote
"John Q." wrote:

> I'd like to know if there is a flaw in this particular setup:

> Rather than granting user rights and privileges on the RDMS level, I have
> just one user (SYSDBA),

        It is certainly a flaw to have your one user be SYSDBA.  That's like
saying that your only user on a Linux system is root.  There are things
that SYSDBA can do that you don't want a regular user to be able to do.
At the very least, I'd create a special user for your program and GRANT
appropriate access to that user.

        Secondly, your setup will work fine so long as the user only accesses
your DB through your app.  If they use Crystal Reports (or some other
third party tool), then they'll see the entire DB.

        -Craig

--
Craig Stuntz (TeamB)       Senior Developer, Vertex Systems Corp.
Delphi/InterBase weblog:   http://delphi.weblogs.com
Use Borland servers; posts via others are not seen by TeamB.
For more info, see http://www.borland.com/newsgroups/genl_faqs.html

Re:Granting User Rights on IB6


At least, don't use SYSDBA.  You will probably have to hardcode the
password in the program(s) or make it otherwise available and hiding
SYSDBA's password is a good thing.
Secondly, looking at a list of connected users won't tell you much (just
a list with one name repeated).
There are probably other reasons as well. Why not just give users
individual usernames, passwords and rights?  Using 'roles' might simplify
the chore.

regards,
Aage J.

Quote
"John Q." wrote:

> I'd like to know if there is a flaw in this particular setup:

> Rather than granting user rights and privileges on the RDMS level, I have
> just one user (SYSDBA), and control what the user can and cannot do on the
> client side.  The client app. always logs into the server as SYSDBA with the
> appropriate password; but users, through the client app., are given unique
> IDs, passwords and privileges.  The IDs and passwords are saved on the
> server database in a table, and privileges (editing, deleting, viewing etc)
> are controlled through the client app.

> Thanks.
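
The replies above suggest a dedicated non-SYSDBA login, GRANTs, and roles. The following InterBase SQL sketch is an added example, not code from any poster in this thread. The tables, columns, roles, procedure, user names and database path are all hypothetical.

```sql
/* Constructed example. ORDERS, ORDER_ARCHIVE, ARCHIVE_ORDER, the roles
   and the logins APP_CLERK / APP_MANAGER are hypothetical names.
   Server logins are created with the gsec utility, not in SQL.
   Run the setup once as the database owner. */
CREATE TABLE ORDERS        (ID INTEGER NOT NULL PRIMARY KEY, ITEM VARCHAR(40));
CREATE TABLE ORDER_ARCHIVE (ID INTEGER NOT NULL PRIMARY KEY, ITEM VARCHAR(40));

CREATE ROLE CLERK;
CREATE ROLE MANAGER;

/* Clerks view, add and edit orders; no DELETE, no archive access. */
GRANT SELECT, INSERT, UPDATE ON ORDERS TO CLERK;

/* Managers may also delete orders and read the archive. */
GRANT SELECT, INSERT, UPDATE, DELETE ON ORDERS TO MANAGER;
GRANT SELECT ON ORDER_ARCHIVE TO MANAGER;

/* Moving rows between tables: the privilege goes to a procedure,
   so callers need EXECUTE only, not rights on either table. */
SET TERM ^ ;
CREATE PROCEDURE ARCHIVE_ORDER (ORDER_ID INTEGER) AS
BEGIN
  INSERT INTO ORDER_ARCHIVE (ID, ITEM)
    SELECT ID, ITEM FROM ORDERS WHERE ID = :ORDER_ID;
  DELETE FROM ORDERS WHERE ID = :ORDER_ID;
END ^
SET TERM ; ^

GRANT SELECT, DELETE ON ORDERS TO PROCEDURE ARCHIVE_ORDER;
GRANT INSERT ON ORDER_ARCHIVE TO PROCEDURE ARCHIVE_ORDER;
GRANT EXECUTE ON PROCEDURE ARCHIVE_ORDER TO CLERK;
GRANT EXECUTE ON PROCEDURE ARCHIVE_ORDER TO MANAGER;

/* Role membership: one login per person, rights come from the role. */
GRANT CLERK TO APP_CLERK;
GRANT MANAGER TO APP_MANAGER;

/* A role takes effect only when named at connect time (isql syntax). */
CONNECT 'server:/data/app.gdb' USER 'APP_CLERK'
  PASSWORD '<password>' ROLE 'CLERK';

/* Enforced by the server, whatever client tool is connected: */
SELECT COUNT(*) FROM ORDERS;          /* allowed */
EXECUTE PROCEDURE ARCHIVE_ORDER (1);  /* allowed through the procedure */
DELETE FROM ORDERS;                   /* fails: CLERK has no DELETE */
SELECT * FROM ORDER_ARCHIVE;          /* fails: CLERK has no SELECT */
```

With individual logins, the list of connected users shows who is connected rather than one repeated name, and no SYSDBA password has to ship with the client.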
