Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!ames!hc!lll-winken!uunet!tiamat!jim
From: jim@tiamat.fsc.com (Jim O'Connor)
Newsgroups: comp.databases
Subject: Re: Restricting access to Informix tables
Message-ID: <585@tiamat.fsc.com>
Date: 3 Jun 89 18:54:10 GMT
References: <1080@investor.UUCP> <1092@altos86.UUCP> <1347@infmx.UUCP> <1537@cod.NOSC.MIL>
Organization: Filtration Sciences - Chattanooga,TN
Lines: 28

* > >In article <1080@investor.UUCP> news@investor.UUCP ( Bob Peirce) writes:
* > >>We have a database we want to keep most people from updating or
* > >>inserting except under controlled circumstances; ie, No from sperform,
* > >>but YES from a 4GL data entry program.  
* > >>-- 
* 
* As inelegant as it may seem to be, we solved the problem by adding a
* permissions table to the database.  Each row represents a user; each
* column represents a "functional" application.  The column values can
* be from a domain as simple as Y or N to as complex as a set of values 
* for different levels of permissions.  The 4GL program obtains UID upon
* entry and reads the row in the permission table corresponding to that
* UID into an array in the program.  Each functional application checks
* its appropriate entry in the array to see if the user has permission
* to execute it.

But how do you keep the user from running "isql" and then tinkering with
the data that they have access to with any arbitrary RDSQL statement.

In the 4GL application, you can make sure the user only performs "logical"
operations on the data they have access to, but if they have a way to
run "isql" they can do whatever they want.

------------- 
James B. O'Connor			jim@tiamat.fsc.com
Filtration Sciences Corporation		615/821-4022 x. 651

*** Altos users unite! mail to "info-altos-request@tiamat.fsc.com" ***