Progress
SQL-89
Guide and Reference
Privilege Checking
Progress automatically performs privilege checking at compile time for procedures containingProgress/SQL statements. This is done the same way in Progress 4GL procedures. You can view the table-level and column-level compile-time security privileges by choosing Admin
Security in the Data Administration tool. However, you cannot use this menu to change privileges if you created the table you are viewing with the CREATE TABLE statement. Instead, you must use the GRANT and REVOKE statements.
In addition to providing compile-time security, you can also check privileges at run time. To prevent unauthorized users from running procedures that contain Progress/SQL statements, use the CAN-DO function to check the user ID established during login, or check the contents of the user ID directly with the Progress/SQL USER keyword or the Progress USERID function. The USER keyword is equivalent to the value of the USERID function for the current default (working) database.
If you use the CAN-DO or USERID function in Progress/SQL, you must modify and recompile the procedure whenever you want to change the user IDs that are allowed to execute it. Alternatively, you can set up an activities-based table to define the users who are permitted to run a particular procedure. You read the table in your procedure to check the permissions for the current user ID.
See the Progress Language Reference for descriptions of the CAN-DO and USERID functions. For an explanation of compile-time security and activities-based security checking, see the Progress Programming Handbook.
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095 |